CVE-2024-11014

Summary

Cross-site request forgery (CSRF) vulnerability in NEC Corporation UNIVERGE IX from Ver9.2 to Ver10.10.21, for Ver10.8 up to Ver10.8.27 and for Ver10.9 up to Ver10.9.14 allows a attacker to hijack the authentication of screens on the device via the management interface.

Affected Software

VendorProductVersion RangeStatus
NEC CorporationUNIVERGE IXfrom Ver9.2 to Ver10.10.21affected
NEC CorporationUNIVERGE IXfor Ver10.8 up to Ver10.8.27affected
NEC CorporationUNIVERGE IXfor Ver10.9 up to Ver10.9.14affected

Weaknesses

  • CWE-352: CWE-352: Cross-Site Request Forgery (CSRF)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References