Hackers Can Hijack Authentication via Management Interface

CVE-2024-11014
4.3 MEDIUM

Key Information

Vendor
NEC Corporation
Status
UNIVERGE IX
Vendor
CVE Published:
29 November 2024

Badges

📰 News Worthy

Summary

Cross-site request forgery (CSRF) vulnerability in NEC Corporation UNIVERGE IX from Ver9.2 to Ver10.10.21, for Ver10.8 up to Ver10.8.27 and for Ver10.9 up to Ver10.9.14 allows an attacker to hijack the authentication of screens on the device via the management interface.

Affected Version(s)

UNIVERGE IX = from Ver9.2 to Ver10.10.21

UNIVERGE IX = for Ver10.8 up to Ver10.8.27

UNIVERGE IX = for Ver10.9 up to Ver10.9.14

CVSS V3.1

Score: 4.3
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • First article discovered by tntsecurite.ca

  • Vulnerability published.

  • Vulnerability Reserved.

Collectors

NVD Database, Mitre Database, 1 News Article(s)

Credit

RyotaK of Flatt Security Inc.