PT-2023-18398 · Maho Pbx · Maho-Pbx Netdevancer Mobilegate Home/Office+2

Masamu Asato

·

Published

2023-01-17

·

Updated

2025-04-04

·

CVE-2023-22286

CVSS v3.1

8.1

High

VectorAV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions MAHO-PBX NetDevancer Lite/Uni/Pro/Cloud versions prior to 1.11.00 MAHO-PBX NetDevancer VSG Lite/Uni versions prior to 1.11.00 MAHO-PBX NetDevancer MobileGate Home/Office versions prior to 1.11.00
Description A cross-site request forgery (CSRF) issue allows a remote unauthenticated attacker to hijack user authentication and conduct unintended operations by having a user view a malicious page while logged in.
Recommendations For MAHO-PBX NetDevancer Lite/Uni/Pro/Cloud versions prior to 1.11.00, update to version 1.11.00 or later. For MAHO-PBX NetDevancer VSG Lite/Uni versions prior to 1.11.00, update to version 1.11.00 or later. For MAHO-PBX NetDevancer MobileGate Home/Office versions prior to 1.11.00, update to version 1.11.00 or later.

Fix

CSRF

Weakness Enumeration

CWE-352

Related Identifiers

CVE-2023-22286

Affected Products

Maho-Pbx Netdevancer Lite/Uni/Pro/Cloud
Maho-Pbx Netdevancer Mobilegate Home/Office
Maho-Pbx Netdevancer Vsg Lite/Uni