CVE-2014-9610

Опубликовано: 19 сент. 2017

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Средний

Описание

Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and remove IP addresses from the quarantine via the ip parameter to webadmin/user/quarantine_disable.php.

Ссылки

http://packetstormsecurity.com/files/133034/Netsweeper-Bypass-XSS-Redirection-SQL-Injection-Execution.html
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/37929/
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/133034/Netsweeper-Bypass-XSS-Redirection-SQL-Injection-Execution.html
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/37929/
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:netsweeper:netsweeper:*:*:*:*:*:*:*:*

Версия до 3.1.9 (включая)

cpe:2.3:a:netsweeper:netsweeper:4.0.0:*:*:*:*:*:*:*

cpe:2.3:a:netsweeper:netsweeper:4.0.1:*:*:*:*:*:*:*

cpe:2.3:a:netsweeper:netsweeper:4.0.2:*:*:*:*:*:*:*

cpe:2.3:a:netsweeper:netsweeper:4.0.3:*:*:*:*:*:*:*

cpe:2.3:a:netsweeper:netsweeper:4.0.4:*:*:*:*:*:*:*

cpe:2.3:a:netsweeper:netsweeper:4.0.5:*:*:*:*:*:*:*

cpe:2.3:a:netsweeper:netsweeper:4.0.6:*:*:*:*:*:*:*

cpe:2.3:a:netsweeper:netsweeper:4.0.7:*:*:*:*:*:*:*

cpe:2.3:a:netsweeper:netsweeper:4.0.8:*:*:*:*:*:*:*

cpe:2.3:a:netsweeper:netsweeper:4.1.0:*:*:*:*:*:*:*

cpe:2.3:a:netsweeper:netsweeper:4.1.1:*:*:*:*:*:*:*

EPSS

Процентиль: 94%

0.13362

Средний

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-264

Связанные уязвимости

GHSA-vv34-j6v2-r4p7