CVE-2014-2358

Name of the Vulnerable Software and Affected Versions Fox-IT Fox DataDiode appliances versions prior to 1.7.2

Description The issue affects the administrative web interface in the proxy server, where multiple cross-site request forgery (CSRF) vulnerabilities are present. These vulnerabilities allow remote attackers to hijack the authentication of administrators for specific requests, including creating administrative users, removing administrative users, or changing permissions.

Recommendations For versions prior to 1.7.2, update to version 1.7.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the administrative web interface to minimize the risk of exploitation.