← voltar
CVE-2014-2358

Fox-IT DataDiode Appliance CSRF

CVSS 4.3 EPSS 0.6%CWE-352
Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative web interface in the proxy server on Fox-IT Fox DataDiode appliances before 1.7.2 allow remote attackers to hijack the authentication of administrators for requests that (1) create administrative users, (2) remove administrative users, or (3) change permissions.
AV:N/AC:M/Au:N/C:N/I:N/A:P
Produtos afetados
Fox-IT · DataDiode Appliance

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://ics-cert.us-cert.gov/advisories/ICSA-14-269-02https://www.cisa.gov/news-events/ics-advisories/icsa-14-269-02