CVE-2017-14011

Summary

A Cross-Site Request Forgery issue was discovered in ProMinent MultiFLEX M10a Controller web interface. The application does not sufficiently verify requests, making it susceptible to cross-site request forgery. This may allow an attacker to execute unauthorized code, resulting in changes to the configuration of the device.

Affected Software

VendorProductVersion RangeStatus
n/aProMinent MultiFLEX M10a ControllerProMinent MultiFLEX M10a Controlleraffected

Weaknesses

  • CWE-352: CWE-352

ADP Enrichment

CVE Program Container

Additional References

References