MitreCVE-2014-4976CVE-2014-4976
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
79.9%
Dell SonicWall Scrutinizer 11.0.1 allows remote authenticated users to change user passwords via the user ID in the savePrefs parameter in a change password request to cgi-bin/admin.cgi.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| sonicwall | scrutinizer | 11.0.1 | cpe:2.3:a:sonicwall:scrutinizer:11.0.1:*:*:*:*:*:*:* |
References
packetstormsecurity.com/files/127429/Dell-Sonicwall-Scrutinizer-11.01-Code-Execution-SQL-Injection.html
seclists.org/fulldisclosure/2014/Jul/44
www.securityfocus.com/bid/68495
exchange.xforce.ibmcloud.com/vulnerabilities/94438
gist.github.com/brandonprry/36b4b8df1cde279a9305
gist.github.com/brandonprry/76741d9a0d4f518fe297
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
79.9%