// For flags

CVE-2012-2627

Scrutinizer 9.0.1.19899 - Arbitrary File Upload

Severity Score

9.4
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

d4d/uploader.php in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 allows remote attackers to create or overwrite arbitrary files in %PROGRAMFILES%\Scrutinizer\snmp\mibs\ via a multipart/form-data POST request.

d4d/uploader.php en la consola web Plixer Scrutinizer (también conocido como Dell SonicWALL Scrutinizer) anterior a v9.5.0 permite a atacantes remotos crear o sobreescribir archivos arbitrarios en %PROGRAMFILES%\Scrutinizer\snmp\mibs\ a través de una solicitud POST multipart/form-data

Scrutinizer NetFlow and sFlow Analyzer versions 9.0.1 and below suffer from bypass, cross site scripting, and remote file upload vulnerabilities. It also has undocumented MySQL admin users.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2012-05-11 CVE Reserved
  • 2012-07-29 CVE Published
  • 2012-07-30 First Exploit
  • 2024-09-16 CVE Updated
  • 2024-10-13 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Sonicwall
Search vendor "Sonicwall"
 Scrutinizer
Search vendor "Sonicwall" for product "Scrutinizer"
 < 9.5.0
Search vendor "Sonicwall" for product "Scrutinizer" and version " < 9.5.0"
-
Affected