Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveMitreCVE-2014-5335
HistoryAug 25, 2014 - 4:55 p.m.

CVE-2014-5335

2014-08-2516:55:03
CWE-352
mitre
web.nvd.nist.gov
35
cve-2014-5335
csrf
cross-site request forgery
innovaphone pbx
remote attack
authentication hijacking
vulnerabilities

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.3

Confidence

Low

EPSS

0.002

Percentile

56.2%

JSON

Multiple cross-site request forgery (CSRF) vulnerabilities in innovaphone PBX 10.00 sr11 and earlier allow remote attackers to hijack the authentication of administrators for requests that modify configurations or user accounts, as demonstrated by (1) changing the administrator password via a crafted request to CMD0/mod_cmd.xml or (2) adding a new SIP user via a crafted request to PBX0/ADMIN/mod_cmd_login.xml.

Affected configurations

Nvd
Node
innovaphoneinnovaphone_pbxRange10.00sr11
VendorProductVersionCPE
innovaphoneinnovaphone_pbx*cpe:2.3:a:innovaphone:innovaphone_pbx:*:sr11:*:*:*:*:*:*

Related

exploitdb 1
nvd 1
prion 1
packetstorm 1
securityvulns 2
exploitpack 1
zdt 2
cvelist 1
seebug 1
exploitdb
exploitdb
Innovaphone PBX Admin-GUI - Cross-Site Request Forgery
2014-08-25 00:00:00
nvd
nvd
CVE-2014-5335
2014-08-25 16:55:03
prion
prion
Cross site request forgery (csrf)
2014-08-25 16:55:00
packetstorm
packetstorm
Innovaphone PBX Cross Site Request Forgery
2014-08-22 00:00:00
securityvulns
securityvulns
[CVE-2014-5335] CSRF in Innovaphone PBX
2014-08-26 00:00:00
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2014-08-26 00:00:00
exploitpack
exploitpack
Innovaphone PBX Admin-GUI - Cross-Site Request Forgery
2014-08-25 00:00:00
zdt
zdt
Innovaphone PBX Cross Site Request Forgery Vulnerability
2014-08-22 00:00:00
Innovaphone PBX Admin-GUI - CSRF Vulnerability
2014-08-26 00:00:00
cvelist
cvelist
CVE-2014-5335
2014-08-25 16:00:00
seebug
seebug
Innovaphone PBX Admin-GUI - CSRF Vulnerability
2014-08-26 00:00:00

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.3

Confidence

Low

EPSS

0.002

Percentile

56.2%

JSON
Related for CVE-2014-5335
exploitdb1nvd1prion1packetstorm1securityvulns2exploitpack1zdt2cvelist1seebug1