var-201407-0175
Vulnerability from variot
Multiple SQL injection vulnerabilities in Dell SonicWall Scrutinizer 11.0.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) selectedUserGroup parameter in a create new user request to cgi-bin/admin.cgi or the (2) user_id parameter in the changeUnit function, (3) methodDetail parameter in the methodDetail function, or (4) xcNetworkDetail parameter in the xcNetworkDetail function in d4d/exporters.php. Dell SonicWALL Scrutinizer is prone to multiple security vulnerabilities, including: (1) a privilege-escalation vulnerability and (2) multiple SQL-injection vulnerabilities. Attackers can exploit these issues to perform certain actions with elevated privileges, access or modify data, or exploit latent vulnerabilities in the underlying database. Other attacks may also be possible. Dell SonicWALL Scrutinizer is a multi-vendor tool developed by Dell for analyzing, visualizing, and reporting on application traffic. The tool provides features such as deep packet analysis, jitter/latency monitoring, and historical and proactive reporting. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands. Note for triage: the record below scores the issue at CVSS v2 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P), so a valid login is required, classifies it as CWE-89, and lists only vendor product pages under "patch" rather than a fixed version; confirm the fixed release against the vendor's own advisory.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201407-0175", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "scrutinizer", "scope": "eq", "trust": 1.6, "vendor": "sonicwall", "version": "11.0.1" }, { "model": "sonicwall scrutinizer", "scope": "eq", "trust": 0.8, "vendor": "dell", "version": "11.0.1" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-003368" }, { 
"db": "CNNVD", "id": "CNNVD-201407-365" }, { "db": "NVD", "id": "CVE-2014-4977" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:dell:sonicwall_scrutinizer", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-003368" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Brandon Perry", "sources": [ { "db": "BID", "id": "68495" } ], "trust": 0.3 }, "cve": "CVE-2014-4977", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "id": "CVE-2014-4977", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", 
"authentication": "SINGLE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "id": "VHN-72918", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2014-4977", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2014-4977", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-201407-365", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-72918", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-72918" }, { "db": "JVNDB", "id": "JVNDB-2014-003368" }, { "db": "CNNVD", "id": "CNNVD-201407-365" }, { "db": "NVD", "id": "CVE-2014-4977" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Multiple SQL injection vulnerabilities in Dell SonicWall Scrutinizer 11.0.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) selectedUserGroup parameter in a create new user request to cgi-bin/admin.cgi or the (2) user_id parameter in the changeUnit function, (3) methodDetail parameter in the methodDetail function, or (4) xcNetworkDetail parameter in the xcNetworkDetail function in d4d/exporters.php. Dell SonicWALL Scrutinizer is prone to multiple security vulnerabilities, including:\n1. A privilege-escalation vulnerability\n2. Multiple SQL-injection vulnerabilities\nAttackers can exploit these issues to perform certain actions with elevated privileges, access or modify data, or exploit latent vulnerabilities in the underlying database. Other attacks may also be possible. 
Dell SonicWALL Scrutinizer is a set of multi-vendor application communication analysis visualization and reporting tools developed by Dell. The tool provides features such as deep packet analysis, vibration/latency monitoring, and historical and proactive reporting. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands", "sources": [ { "db": "NVD", "id": "CVE-2014-4977" }, { "db": "JVNDB", "id": "JVNDB-2014-003368" }, { "db": "BID", "id": "68495" }, { "db": "VULHUB", "id": "VHN-72918" } ], "trust": 1.98 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-72918", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-72918" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2014-4977", "trust": 2.8 }, { "db": "PACKETSTORM", "id": "127429", "trust": 2.5 }, { "db": "BID", "id": "68495", "trust": 2.0 }, { "db": "PACKETSTORM", "id": "137098", "trust": 1.1 }, { "db": "EXPLOIT-DB", "id": "39836", "trust": 1.1 }, { "db": "JVNDB", "id": "JVNDB-2014-003368", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201407-365", "trust": 0.7 }, { "db": "XF", "id": "94439", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-72918", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-72918" }, { "db": "BID", "id": "68495" }, { "db": "JVNDB", "id": "JVNDB-2014-003368" }, { "db": "CNNVD", "id": "CNNVD-201407-365" }, { "db": "NVD", "id": "CVE-2014-4977" } ] }, "id": "VAR-201407-0175", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { 
"@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-72918" } ], "trust": 0.01 }, "last_update_date": "2024-11-23T21:45:02.408000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Dell SonicWALL Scrutinizer", "trust": 0.8, "url": "http://www.dell.com/jp/business/p/sonicwall-scrutinizer/pd?dgc=ST\u0026cid=33282\u0026lid=4254676\u0026acd=10591620522341418" }, { "title": "Scrutinizer", "trust": 0.8, "url": "http://www.sonicwall.com/us/en/support/6632.html" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-003368" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-89", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-72918" }, { "db": "JVNDB", "id": "JVNDB-2014-003368" }, { "db": "NVD", "id": "CVE-2014-4977" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "http://packetstormsecurity.com/files/127429/dell-sonicwall-scrutinizer-11.01-code-execution-sql-injection.html" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/68495" }, { "trust": 1.7, "url": "http://seclists.org/fulldisclosure/2014/jul/44" }, { "trust": 1.7, "url": "https://gist.github.com/brandonprry/36b4b8df1cde279a9305" }, { "trust": 1.7, "url": "https://gist.github.com/brandonprry/76741d9a0d4f518fe297" }, { "trust": 1.1, "url": "https://www.exploit-db.com/exploits/39836/" }, { "trust": 1.1, "url": 
"http://packetstormsecurity.com/files/137098/dell-sonicwall-scrutinizer-11.01-methoddetail-sql-injection.html" }, { "trust": 1.1, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94439" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-4977" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-4977" }, { "trust": 0.6, "url": "http://xforce.iss.net/xforce/xfdb/94439" } ], "sources": [ { "db": "VULHUB", "id": "VHN-72918" }, { "db": "JVNDB", "id": "JVNDB-2014-003368" }, { "db": "CNNVD", "id": "CNNVD-201407-365" }, { "db": "NVD", "id": "CVE-2014-4977" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-72918" }, { "db": "BID", "id": "68495" }, { "db": "JVNDB", "id": "JVNDB-2014-003368" }, { "db": "CNNVD", "id": "CNNVD-201407-365" }, { "db": "NVD", "id": "CVE-2014-4977" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-07-16T00:00:00", "db": "VULHUB", "id": "VHN-72918" }, { "date": "2014-07-10T00:00:00", "db": "BID", "id": "68495" }, { "date": "2014-07-17T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-003368" }, { "date": "2014-07-17T00:00:00", "db": "CNNVD", "id": "CNNVD-201407-365" }, { "date": "2014-07-16T14:19:04.370000", "db": "NVD", "id": "CVE-2014-4977" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-03-12T00:00:00", "db": "VULHUB", "id": "VHN-72918" }, { "date": "2014-07-24T00:09:00", "db": "BID", "id": "68495" }, { "date": "2014-07-17T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-003368" }, { "date": "2014-07-17T00:00:00", "db": "CNNVD", "id": "CNNVD-201407-365" }, { "date": "2024-11-21T02:11:12.530000", "db": "NVD", "id": "CVE-2014-4977" } ] 
}, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201407-365" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Dell SonicWall Scrutinizer In SQL Injection vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-003368" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "SQL injection", "sources": [ { "db": "CNNVD", "id": "CNNVD-201407-365" } ], "trust": 0.6 } }