CVE-2014-6607

Published: Oct 6, 2014Modified: May 6, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

M/Monit 3.3.2 and earlier does not verify the original password before changing passwords, which allows remote attackers to change the password of other users and gain privileges via the fullname and password parameters, a different vulnerability than CVE-2014-6409.

Affected (1)

Products: Mmonit: M/monit

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mmonit M/monit	Up to 3.3.2

Related CWEs

References (6)

http://packetstormsecurity.com/files/128321/M-Monit-3.2.2-Cross-Site-Request-Forgery.html

Source: cve@mitre.org

Exploit

http://seclists.org/fulldisclosure/2014/Sep/71

Source: cve@mitre.org

Exploit

http://www.exploit-db.com/exploits/34718

Source: cve@mitre.org

Exploit

http://packetstormsecurity.com/files/128321/M-Monit-3.2.2-Cross-Site-Request-Forgery.html

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://seclists.org/fulldisclosure/2014/Sep/71

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.exploit-db.com/exploits/34718

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

Timeline

No history available yet.