Hackers Can Hijack Authentication via Management Interface
CVE-2024-11014

4.3 MEDIUM

Key Information:

Vendor
Nec Corporation
Status
Univerge Ix
Vendor
CVE Published: 29 November 2024


Summary

Cross-site request forgery (CSRF) vulnerability in NEC Corporation UNIVERGE IX from Ver9.2 to Ver10.10.21, for Ver10.8 up to Ver10.8.27 and for Ver10.9 up to Ver10.9.14 allows an attacker to hijack the authentication of screens on the device via the management interface.

Affected Version(s)

UNIVERGE IX from Ver9.2 to Ver10.10.21

UNIVERGE IX for Ver10.8 up to Ver10.8.27

UNIVERGE IX for Ver10.9 up to Ver10.9.14

News Articles

KMSpico-10.2.0-install.zip – TNT Sécurité

CVE-2024-47094, 29 November 2024, Medium Severity. Description: Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions. CVE-2024-50357, 29 November 2024, Critical Severity. Description...

1 month ago

CVSS V3.1

Score: 4.3
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • First article discovered by tntsecurite.ca

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD Database, Mitre Database, 1 News Article(s)

Credit

RyotaK of Flatt Security Inc.