Vulnerabilites related to Fox-IT - DataDiode Appliance
CVE-2014-2358 (GCVE-0-2014-2358)
Vulnerability from cvelistv5
Published
2014-10-19 01:00
Modified
2025-10-03 17:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative web interface in the proxy server on Fox-IT Fox DataDiode appliances before 1.7.2 allow remote attackers to hijack the authentication of administrators for requests that (1) create administrative users, (2) remove administrative users, or (3) change permissions.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fox-IT | DataDiode Appliance |
Version: 0 < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:14:25.516Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-269-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DataDiode Appliance",
"vendor": "Fox-IT",
"versions": [
{
"lessThanOrEqual": "1.7.1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "1.7.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Tudor Enache of HelpAG"
}
],
"datePublic": "2014-10-16T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMultiple cross-site request forgery (CSRF) vulnerabilities in the administrative web interface in the proxy server on Fox-IT Fox DataDiode appliances before 1.7.2 allow remote attackers to hijack the authentication of administrators for requests that (1) create administrative users, (2) remove administrative users, or (3) change permissions.\u003c/p\u003e"
}
],
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative web interface in the proxy server on Fox-IT Fox DataDiode appliances before 1.7.2 allow remote attackers to hijack the authentication of administrators for requests that (1) create administrative users, (2) remove administrative users, or (3) change permissions."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-03T17:19:27.344Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-269-02"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eFox-IT has released Version 1.7.2 of the Fox DataDiode Appliance that\n resolves the reported vulnerability. A Fox-IT product advisory titled \n\u201cFox DataDiode Appliance 1.7.2 advisory,\u201d containing background and \npreparation information, as well as the upgrade instructions, are \navailable by contacting the local Fox-IT customer support.\u003c/p\u003e\n\u003cp\u003eFox-IT also recommends the following actions:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAll users of the Fox DataDiode Appliance should upgrade their systems to Version 1.7.2.\u003c/li\u003e\n\u003cli\u003eThis installation consists of a reinstallation of the new version of\n the software. Therefore, the existing software configuration should be \nexported before this upgrade. This configuration can then be restored \nafter the upgrade.\u003c/li\u003e\n\u003cli\u003eUsers are advised to change all passwords of administrator and user \naccounts in the Fox DataDiode Appliance, plus passwords used for FTP/SSL\n connections.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cbr\u003e"
}
],
"value": "Fox-IT has released Version 1.7.2 of the Fox DataDiode Appliance that\n resolves the reported vulnerability. A Fox-IT product advisory titled \n\u201cFox DataDiode Appliance 1.7.2 advisory,\u201d containing background and \npreparation information, as well as the upgrade instructions, are \navailable by contacting the local Fox-IT customer support.\n\n\nFox-IT also recommends the following actions:\n\n\n\n * All users of the Fox DataDiode Appliance should upgrade their systems to Version 1.7.2.\n\n * This installation consists of a reinstallation of the new version of\n the software. Therefore, the existing software configuration should be \nexported before this upgrade. This configuration can then be restored \nafter the upgrade.\n\n * Users are advised to change all passwords of administrator and user \naccounts in the Fox DataDiode Appliance, plus passwords used for FTP/SSL\n connections."
}
],
"source": {
"advisory": "ICSA-14-269-02",
"discovery": "EXTERNAL"
},
"title": "Fox-IT DataDiode Appliance CSRF",
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-2358",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative web interface in the proxy server on Fox-IT Fox DataDiode appliances before 1.7.2 allow remote attackers to hijack the authentication of administrators for requests that (1) create administrative users, (2) remove administrative users, or (3) change permissions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-269-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-269-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-2358",
"datePublished": "2014-10-19T01:00:00",
"dateReserved": "2014-03-13T00:00:00",
"dateUpdated": "2025-10-03T17:19:27.344Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}