Unrated severityNVD Advisory· Published Oct 6, 2014· Updated May 6, 2026

CVE-2014-6607

Description

M/Monit 3.3.2 and earlier does not verify the original password before changing passwords, which allows remote attackers to change the password of other users and gain privileges via the fullname and password parameters, a different vulnerability than CVE-2014-6409.

Affected products

Mmonit/M\/monit
cpe:2.3:a:mmonit:m\/monit:*:*:*:*:*:*:*:*
Range: <=3.3.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

packetstormsecurity.com/files/128321/M-Monit-3.2.2-Cross-Site-Request-Forgery.htmlnvdExploit
seclists.org/fulldisclosure/2014/Sep/71nvdExploit
www.exploit-db.com/exploits/34718nvdExploit

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.004
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000