// For flags

CVE-2012-2626

Scrutinizer 9.0.1.19899 - HTTP Authentication Bypass

Severity Score

5.0
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

2
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

cgi-bin/admin.cgi in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 does not require token authentication, which allows remote attackers to add administrative accounts via a userprefs action.

cgi-bin/admin.cgi en la consola web Plixer Scrutinizer (también conocido como Dell SonicWALL Scrutinizer) anterior a v9.5.0 no requiere la autenticación de token, lo que permite a atacantes remotos agregar las cuentas administrativas a través de una acción userprefs.

Scrutinizer NetFlow and sFlow Analyzer versions 9.0.1 and below suffer from bypass, cross site scripting, and remote file upload vulnerabilities. It also has undocumented MySQL admin users.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2012-05-11 CVE Reserved
  • 2012-07-29 CVE Published
  • 2012-07-30 First Exploit
  • 2024-09-16 CVE Updated
  • 2024-10-13 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-287: Improper Authentication
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Sonicwall
Search vendor "Sonicwall"
 Scrutinizer
Search vendor "Sonicwall" for product "Scrutinizer"
 < 9.5.0
Search vendor "Sonicwall" for product "Scrutinizer" and version " < 9.5.0"
-
Affected