PT-2017-13200 · Prominent · Prominent Multiflex M10A Controller

Published

2017-10-17

Updated

2019-10-09

CVE-2017-14013

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions ProMinent MultiFLEX M10a Controller (affected versions not specified)

Description A Client-Side Enforcement of Server-Side Security issue was found in the web interface, where the log out function only removes the user's session on the client side. This could allow an attacker to bypass protection mechanisms, gain privileges, or assume the identity of an authenticated user.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-669CWE-602

Related Identifiers

CVE-2017-14013

Affected Products

Prominent Multiflex M10A Controller

PT-2017-13200 · Prominent · Prominent Multiflex M10A Controller

CVE-2017-14013

Weakness Enumeration

Related Identifiers

Affected Products

References · 3