Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-2627

Overview

Vulnerability Score 9.4 9.4
CVE Id CVE-2012-2627
Last Modified 01 Aug 2012 12:00:00
Published 31 Jul 2012 06:45:41
Confidentiality Impact NONE NONE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-2627

Summary

d4d/uploader.php in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 allows remote attackers to create or overwrite arbitrary files in %PROGRAMFILES%\Scrutinizer\snmp\mibs\ via a multipart/form-data POST request.

Vulnerable Systems

Application

  • Dell Sonicwall Scrutinizer 8.6.2

  • Dell Sonicwall Scrutinizer 9.0.0

  • Dell Sonicwall Scrutinizer 9.0.1

  • Dell Sonicwall Scrutinizer 9.5.0

  • Dell Sonicwall Scrutinizer With Flow Analytics Module 8.6.2

  • Dell Sonicwall Scrutinizer With Flow Analytics Module 9.0.0

  • Dell Sonicwall Scrutinizer With Flow Analytics Module 9.0.1

  • Dell Sonicwall Scrutinizer With Flow Analytics Module 9.5.0


References

MISC - https://www.trustwave.com/spiderlabs/advisories/TWSL2012-014.txt

MISC - http://www.plixer.com/Press-Releases/plixer-releases-9-5-2.html


Last Updated: 27 May 2016 10:55:01