CVE-2014-2358
Fox-IT DataDiode Appliance < 1.7.2 - Cross-Site Request Forgery in Administrative Web Interface
Title source: llmDescription
Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative web interface in the proxy server on Fox-IT Fox DataDiode appliances before 1.7.2 allow remote attackers to hijack the authentication of administrators for requests that (1) create administrative users, (2) remove administrative users, or (3) change permissions.
References (2)
Core 2
Core References
Third Party Advisory, US Government Resource
https://ics-cert.us-cert.gov/advisories/ICSA-14-269-02
Third Party Advisory, US Government Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-14-269-02
Scores
EPSS
0.0057
EPSS Percentile
43.3%
Details
CWE
CWE-352
Status
published
Products (3)
Fox-IT/DataDiode Appliance
< 1.7.1
Fox-IT/DataDiode Appliance
1.7.2
fox-it/fox_datadiode
< 1.7.1
Published
Oct 19, 2014
Tracked Since
Feb 18, 2026