PT-2024-16702 · Nec · Univerge Ix

Ryotak · Published 2024-11-29 · Updated 2024-11-30 · CVE-2024-11014

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

NEC Corporation UNIVERGE IX versions 9.2 through 10.10.21
NEC Corporation UNIVERGE IX versions 10.8 through 10.8.27
NEC Corporation UNIVERGE IX versions 10.9 through 10.9.14

Description

This is a cross-site request forgery (CSRF) vulnerability. It allows an attacker to hijack the authentication of screens on the device via the management interface.

Recommendations

For versions 9.2 through 10.10.21, update to a version later than 10.10.21 to resolve the issue.
For versions 10.8 through 10.8.27, update to a version later than 10.8.27 to resolve the issue.
For versions 10.9 through 10.9.14, update to a version later than 10.9.14 to resolve the issue.

As a temporary workaround, consider restricting access to the management interface to minimize the risk of exploitation.

Fix

CSRF

Weakness Enumeration

Related Identifiers: CVE-2024-11014

Affected Products: Univerge Ix