CVE-2024-11014
CVSS 3.1 Score 4.3 of 10 (medium)
Details
Published Nov 29, 2024
CWE ID 352
Summary
CVE-2024-11014 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the NEC Corporation UNIVERGE IX from versions Ver9.2 to Ver10.10.21, as well as versions Ver10.8 up to Ver10.8.27 and Ver10.9 up to Ver10.9.14. This issue permits an attacker to manipulate screens on the device through the management interface by hijacking the authentication of other users. The attacker can carry out unauthorized actions, potentially leading to significant security implications. Users are urged to update their systems to the latest versions to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share