exploitDog

CVE-2012-3951

Опубликовано: 31 июл. 2012

Источник: nvd

CVSS2: 7.5

EPSS Высокий

Описание

The MySQL component in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) 9.0.1.19899 and earlier has a default password of admin for the (1) scrutinizer and (2) scrutremote accounts, which allows remote attackers to execute arbitrary SQL commands via a TCP session.

Ссылки

http://www.plixer.com/Press-Releases/plixer-releases-9-5-2.html
Third Party Advisory
https://www.trustwave.com/spiderlabs/advisories/TWSL2012-014.txt
Exploit
Third Party Advisory
http://www.plixer.com/Press-Releases/plixer-releases-9-5-2.html
Third Party Advisory
https://www.trustwave.com/spiderlabs/advisories/TWSL2012-014.txt
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sonicwall:scrutinizer:*:*:*:*:*:*:*:*

Версия до 9.0.1.19899 (включая)

EPSS

Процентиль: 99%

0.79501

Высокий

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-99qq-2xp2-g5wf

github

больше 3 лет назад

The MySQL component in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) 9.0.1.19899 and earlier has a default password of admin for the (1) scrutinizer and (2) scrutremote accounts, which allows remote attackers to execute arbitrary SQL commands via a TCP session.

EPSS

Процентиль: 99%

0.79501

Высокий

7.5 High

CVSS2

Дефекты

CWE-89