CVE-2009-2344
Sourcefire 3D Sensor & Defense Center 4.8.x - Privilege Escalation
Severity Score
9.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
3
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The web-based management interfaces in Sourcefire Defense Center (DC) and 3D Sensor before 4.8.2 allow remote authenticated users to gain privileges via a $admin value for the admin parameter in an edit action to admin/user/user.cgi and unspecified other components.
La interfaz de administración web en Sourcefire Defense Center (DC) y 3D Sensor anteriores a v4.8.2 permiten a usuarios autentificarse para obtener privilegios a través de un valor $admin para los parametros de administración en una acción de edición de admin/user/user.cgi y otros componentes no especificados.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2009-07-02 First Exploit
- 2009-07-07 CVE Reserved
- 2009-07-07 CVE Published
- 2024-02-15 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (7)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/archive/1/504694/100/0/threaded | Mailing List | |
http://www.securitytracker.com/id?1022500 | Vdb Entry |
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/9074 | 2009-07-02 | |
http://www.exploit-db.com/exploits/9074 | 2024-08-07 | |
http://www.securityfocus.com/bid/35553 | 2024-08-07 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://secunia.com/advisories/35658 | 2018-10-10 | |
http://www.vupen.com/english/advisories/2009/1785 | 2018-10-10 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Sourcefire Search vendor "Sourcefire" | 3d Sensor Search vendor "Sourcefire" for product "3d Sensor" | <= 4.8.1 Search vendor "Sourcefire" for product "3d Sensor" and version " <= 4.8.1" | - |
Affected
| ||||||
Sourcefire Search vendor "Sourcefire" | 3d Sensor Search vendor "Sourcefire" for product "3d Sensor" | 4.8 Search vendor "Sourcefire" for product "3d Sensor" and version "4.8" | - |
Affected
| ||||||
Sourcefire Search vendor "Sourcefire" | 3d Sensor Search vendor "Sourcefire" for product "3d Sensor" | 4.8.0.3 Search vendor "Sourcefire" for product "3d Sensor" and version "4.8.0.3" | - |
Affected
| ||||||
Sourcefire Search vendor "Sourcefire" | 3d Sensor Search vendor "Sourcefire" for product "3d Sensor" | 4.8.0.4 Search vendor "Sourcefire" for product "3d Sensor" and version "4.8.0.4" | - |
Affected
| ||||||
Sourcefire Search vendor "Sourcefire" | Defense Center Search vendor "Sourcefire" for product "Defense Center" | <= 4.8.1 Search vendor "Sourcefire" for product "Defense Center" and version " <= 4.8.1" | - |
Affected
| ||||||
Sourcefire Search vendor "Sourcefire" | Defense Center Search vendor "Sourcefire" for product "Defense Center" | 4.8 Search vendor "Sourcefire" for product "Defense Center" and version "4.8" | - |
Affected
| ||||||
Sourcefire Search vendor "Sourcefire" | Defense Center Search vendor "Sourcefire" for product "Defense Center" | 4.8.0.3 Search vendor "Sourcefire" for product "Defense Center" and version "4.8.0.3" | - |
Affected
| ||||||
Sourcefire Search vendor "Sourcefire" | Defense Center Search vendor "Sourcefire" for product "Defense Center" | 4.8.0.4 Search vendor "Sourcefire" for product "Defense Center" and version "4.8.0.4" | - |
Affected
|