Multiple cross-site request forgery (CSRF) vulnerabilities in innovaphone PBX 10.00 sr11 and earlier allow remote attackers to hijack the authentication of administrators for requests that modify configurations or user accounts, as demonstrated by (1) changing the administrator password via a crafted request to CMD0/mod_cmd.xml or (2) adding a new SIP user via a crafted request to PBX0/ADMIN/mod_cmd_login.xml.
Find out more about CVE-2014-5335 from the MITRE-CVE dictionary and NIST NVD
Login may be required to access defects or downloads.
Product Name | Status | Defect | Fixed | Downloads |
---|---|---|---|---|
Linux | ||||
Wind River Linux LTS 17 | Not Vulnerable | -- | -- | -- |
Wind River Linux 8 | Not Vulnerable | -- | -- | -- |
Wind River Linux 9 | Not Vulnerable | -- | -- | -- |
Wind River Linux 7 | Not Vulnerable | -- | -- | -- |
Wind River Linux LTS 21 | Not Vulnerable | -- | -- | -- |
Wind River Linux LTS 22 | Not Vulnerable | -- | -- | -- |
Wind River Linux LTS 18 | Not Vulnerable | -- | -- | -- |
Wind River Linux LTS 19 | Not Vulnerable | -- | -- | -- |
Wind River Linux CD release | Not Vulnerable | -- | -- | -- |
Wind River Linux 6 | Not Vulnerable | -- | -- | -- |
Wind River Linux LTS 23 | Not Vulnerable | -- | -- | -- |
VxWorks | ||||
VxWorks 7 | Not Vulnerable | -- | -- | -- |
VxWorks 6.9 | Not Vulnerable | -- | -- | -- |
Helix Virtualization Platform Cert Edition | ||||
Helix Virtualization Platform Cert Edition | Not Vulnerable | -- | -- | -- |
Product Name | Status | Defect | Fixed | Downloads |
---|