Lucene search

[email protected]CVE-2015-5452

HistoryJul 08, 2015 - 3:59 p.m.

CVE-2015-5452

2015-07-0815:59:04

CWE-89

[email protected]

web.nvd.nist.gov

cve-2015-5452

sql injection

watchguard xcs

remote attack

arbitrary sql commands

8.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.054 Low

EPSS

Percentile

93.2%

JSON

SQL injection vulnerability in Watchguard XCS 9.2 and 10.0 before build 150522 allows remote attackers to execute arbitrary SQL commands via the sid cookie, as demonstrated by a request to borderpost/imp/compose.php3.

Affected configurations

NVD

Node

watchguardxcsMatch9.2

watchguardxcsMatch10.0

CPENameOperatorVersion
watchguard:xcswatchguard xcseq9.2
watchguard:xcswatchguard xcseq10.0

CPE	Name	Operator	Version
watchguard:xcs	watchguard xcs	eq	9.2
watchguard:xcs	watchguard xcs	eq	10.0

References

packetstormsecurity.com/files/132498/Watchguard-XCS-10.0-SQL-Injection-Command-Execution.html

packetstormsecurity.com/files/133721/Watchguard-XCS-Remote-Command-Execution.html

www.rapid7.com/db/modules/exploit/freebsd/http/watchguard_cmd_exec

www.security-assessment.com/files/documents/advisory/Watchguard-XCS-final.pdf

www.securityfocus.com/bid/75516

www.watchguard.com/support/release-notes/xcs/10/en-US/EN_Release_Notes_XCS_v10_0_Security_Hotfix/EN_Release_Notes_XCS_v10_0_Security_Hotfix.pdf

www.watchguard.com/support/release-notes/xcs/9/en-US/EN_ReleaseNotes_XCS_9_2_Security_Hotfix/EN_Release_Notes_XCS_v9_2_Security_Hotfix.pdf

www.exploit-db.com/exploits/38346/

8.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.054 Low

EPSS

Percentile

93.2%

JSON

Related for CVE-2015-5452

nvd1 prion1 cvelist1