Lucene search

[email protected]CVE-2014-9431

HistoryDec 31, 2014 - 10:59 p.m.

CVE-2014-9431

2014-12-3122:59:07

CWE-352

[email protected]

web.nvd.nist.gov

cve-2014-9431

csrf

vulnerabilities

smoothwall express

authentication hijack

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.6 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

52.5%

JSON

Multiple cross-site request forgery (CSRF) vulnerabilities in Smoothwall Express 3.1 and 3.0 SP3 allow remote attackers to hijack the authentication of administrators for requests that change the (1) admin or (2) dial password via a request to httpd/cgi-bin/changepw.cgi.

Affected configurations

NVD

Node

smoothwallsmoothwallMatch3.0sp3express

smoothwallsmoothwallMatch3.1express

CPENameOperatorVersion
smoothwall:smoothwallsmoothwalleq3.0
smoothwall:smoothwallsmoothwalleq3.1

CPE	Name	Operator	Version
smoothwall:smoothwall	smoothwall	eq	3.0
smoothwall:smoothwall	smoothwall	eq	3.1

References

packetstormsecurity.com/files/129698/SmoothWall-3.1-Cross-Site-Request-Forgery-Cross-Site-Scripting.html

exchange.xforce.ibmcloud.com/vulnerabilities/99403

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.6 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

52.5%

JSON

Related for CVE-2014-9431

prion1 cvelist1 nvd1