MultiFLEX M10a Controller is prone to the following security vulnerabilities:
1. Multiple security-bypass vulnerabilities
2. An information-disclosure vulnerability
3. A cross-site request-forgery vulnerability
Exploiting these issues may allow a remote attacker to perform certain administrative actions, bypass certain security restrictions, gain unauthorized access to the affected device, and obtain sensitive information; other attacks are also possible.
Information
CVE-2017-14007
CVE-2017-14011
CVE-2017-14009
CVE-2017-14005
Exploit
An attacker can exploit these issues through a browser or readily available tools. To exploit the cross-site request-forgery issue, the attacker must entice an unsuspecting victim into following a malicious URI.
References:
- ProMinent Home Page (ProMinent)
- Advisory (ICSA-17-285-01) ProMinent MultiFLEX M10a Controller (CERT)