// For flags

CVE-2009-2344

Sourcefire 3D Sensor & Defense Center 4.8.x - Privilege Escalation

Severity Score

9.0
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

3
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The web-based management interfaces in Sourcefire Defense Center (DC) and 3D Sensor before 4.8.2 allow remote authenticated users to gain privileges via a $admin value for the admin parameter in an edit action to admin/user/user.cgi and unspecified other components.

La interfaz de administración web en Sourcefire Defense Center (DC) y 3D Sensor anteriores a v4.8.2 permiten a usuarios autentificarse para obtener privilegios a través de un valor $admin para los parametros de administración en una acción de edición de admin/user/user.cgi y otros componentes no especificados.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
Single
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2009-07-02 First Exploit
  • 2009-07-07 CVE Reserved
  • 2009-07-07 CVE Published
  • 2024-02-15 EPSS Updated
  • 2024-08-07 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-264: Permissions, Privileges, and Access Controls
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Sourcefire
Search vendor "Sourcefire"
3d Sensor
Search vendor "Sourcefire" for product "3d Sensor"
<= 4.8.1
Search vendor "Sourcefire" for product "3d Sensor" and version " <= 4.8.1"
-
Affected
Sourcefire
Search vendor "Sourcefire"
3d Sensor
Search vendor "Sourcefire" for product "3d Sensor"
4.8
Search vendor "Sourcefire" for product "3d Sensor" and version "4.8"
-
Affected
Sourcefire
Search vendor "Sourcefire"
3d Sensor
Search vendor "Sourcefire" for product "3d Sensor"
4.8.0.3
Search vendor "Sourcefire" for product "3d Sensor" and version "4.8.0.3"
-
Affected
Sourcefire
Search vendor "Sourcefire"
3d Sensor
Search vendor "Sourcefire" for product "3d Sensor"
4.8.0.4
Search vendor "Sourcefire" for product "3d Sensor" and version "4.8.0.4"
-
Affected
Sourcefire
Search vendor "Sourcefire"
Defense Center
Search vendor "Sourcefire" for product "Defense Center"
<= 4.8.1
Search vendor "Sourcefire" for product "Defense Center" and version " <= 4.8.1"
-
Affected
Sourcefire
Search vendor "Sourcefire"
Defense Center
Search vendor "Sourcefire" for product "Defense Center"
4.8
Search vendor "Sourcefire" for product "Defense Center" and version "4.8"
-
Affected
Sourcefire
Search vendor "Sourcefire"
Defense Center
Search vendor "Sourcefire" for product "Defense Center"
4.8.0.3
Search vendor "Sourcefire" for product "Defense Center" and version "4.8.0.3"
-
Affected
Sourcefire
Search vendor "Sourcefire"
Defense Center
Search vendor "Sourcefire" for product "Defense Center"
4.8.0.4
Search vendor "Sourcefire" for product "Defense Center" and version "4.8.0.4"
-
Affected