MultiFLEX M10a Controller Multiple Security Vulnerabilities



MultiFLEX M10a Controller is prone to the following multiple security vulnerabilities:

1. Multiple security-bypass vulnerabilities
2. An information-disclosure vulnerability
3. A cross-site request-forgery vulnerability

Exploiting these issues may allow a remote attacker to perform certain administrative actions, bypass certain security restrictions, gaining unauthorized access to the affected device and obtaining sensitive information; other attacks are also possible.

Information

Bugtraq ID: 101259
Class: Unknown
CVE: CVE-2017-14013
CVE-2017-14007
CVE-2017-14011
CVE-2017-14009
CVE-2017-14005

Remote: Yes
Local: No
Published: Oct 13 2017 12:00AM
Updated: Oct 13 2017 12:00AM
Credit: Maxim Rupp
Vulnerable: ProMinent MultiFLEX M10a Controller 0


Not Vulnerable:

Exploit


An attacker can exploit these issues through a browser or readily available tools. To exploit the cross-site request-forgery issue, the attacker must entice an unsuspecting victim into following a malicious URI.


Related Posts