Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.0
CVE Id CVE-2012-2626
Last Modified 31 Jul 2012 12:00:00
Published 31 Jul 2012 06:45:41
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-2626

Summary

cgi-bin/admin.cgi in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 does not require token authentication, which allows remote attackers to add administrative accounts via a userprefs action.

Vulnerable Systems

Application

  • Dell Sonicwall Scrutinizer 8.6.2

  • Dell Sonicwall Scrutinizer 9.0.0

  • Dell Sonicwall Scrutinizer 9.0.1

  • Dell Sonicwall Scrutinizer 9.5.0

  • Dell Sonicwall Scrutinizer With Flow Analytics Module 8.6.2

  • Dell Sonicwall Scrutinizer With Flow Analytics Module 9.0.0

  • Dell Sonicwall Scrutinizer With Flow Analytics Module 9.0.1

  • Dell Sonicwall Scrutinizer With Flow Analytics Module 9.5.0


References

MISC - https://www.trustwave.com/spiderlabs/advisories/TWSL2012-014.txt

MISC - http://www.plixer.com/Press-Releases/plixer-releases-9-5-2.html


Last Updated: 27 May 2016 10:55:01