CVE-2024-11014
MEDIUMNEC UNIVERGE IX 9.2-10.10.21, 10.8-10.8.27, 10.9-10.9.14 - Cross-Site Request Forgery via Management Interface
Title source: llmDescription
Cross-site request forgery (CSRF) vulnerability in NEC Corporation UNIVERGE IX from Ver9.2 to Ver10.10.21, for Ver10.8 up to Ver10.8.27 and for Ver10.9 up to Ver10.9.14 allows a attacker to hijack the authentication of screens on the device via the management interface.
References (1)
Core 1
Core References
Various Sources
https://jpn.nec.com/security-info/secinfo/nv24-009_en.html
Scores
CVSS v3
4.3
EPSS
0.0018
EPSS Percentile
7.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-352
Status
published
Products (3)
NEC Corporation/UNIVERGE IX
for Ver10.8 up to Ver10.8.27
NEC Corporation/UNIVERGE IX
for Ver10.9 up to Ver10.9.14
NEC Corporation/UNIVERGE IX
from Ver9.2 to Ver10.10.21
Published
Nov 29, 2024
Tracked Since
Feb 18, 2026