CVE-2014-2358

Fox-IT DataDiode Appliance < 1.7.2 - Cross-Site Request Forgery in Administrative Web Interface

Title source: llm
STIX 2.1

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative web interface in the proxy server on Fox-IT Fox DataDiode appliances before 1.7.2 allow remote attackers to hijack the authentication of administrators for requests that (1) create administrative users, (2) remove administrative users, or (3) change permissions.

References (2)

Core 2
Core References
Third Party Advisory, US Government Resource
https://ics-cert.us-cert.gov/advisories/ICSA-14-269-02
Third Party Advisory, US Government Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-14-269-02

Scores

EPSS 0.0057
EPSS Percentile 43.3%

Details

CWE
CWE-352
Status published
Products (3)
Fox-IT/DataDiode Appliance < 1.7.1
Fox-IT/DataDiode Appliance 1.7.2
fox-it/fox_datadiode < 1.7.1
Published Oct 19, 2014
Tracked Since Feb 18, 2026