Описание
cgi-bin/admin.cgi in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 does not require token authentication, which allows remote attackers to add administrative accounts via a userprefs action.
Ссылки
- Broken LinkThird Party Advisory
- ExploitThird Party Advisory
- Broken LinkThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 9.5.0 (исключая)
cpe:2.3:a:sonicwall:scrutinizer:*:*:*:*:*:*:*:*
EPSS
Процентиль: 99%
0.75978
Высокий
5 Medium
CVSS2
Дефекты
CWE-287
Связанные уязвимости
github
больше 3 лет назад
cgi-bin/admin.cgi in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 does not require token authentication, which allows remote attackers to add administrative accounts via a userprefs action.
EPSS
Процентиль: 99%
0.75978
Высокий
5 Medium
CVSS2
Дефекты
CWE-287