ID

VAR-201403-0536


CVE

CVE-2014-2589


TITLE

Cross-site scripting vulnerability in the Dashboard Backend service of SonicWall Network Security Appliance 2400

Trust: 0.8

sources: JVNDB: JVNDB-2014-001778

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the Dashboard Backend service (stats/dashboard.jsp) in SonicWall Network Security Appliance (NSA) 2400 allows remote attackers to inject arbitrary web script or HTML via the sn parameter. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected device. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. Dell SonicWALL Network Security Appliance (NSA) 2400 is vulnerable; other versions may also be affected.

Trust: 1.98

sources: NVD: CVE-2014-2589 // JVNDB: JVNDB-2014-001778 // BID: 66042 // VULHUB: VHN-70528

AFFECTED PRODUCTS

vendor: sonicwall, model: nsa 2400, scope: eq, version: -

Trust: 1.0

vendor: dell, model: sonicwall network security appliance 2400, scope: -, version: -

Trust: 0.8

vendor: sonicwall, model: network security appliance 2400, scope: eq, version: -

Trust: 0.6

sources: JVNDB: JVNDB-2014-001778 // CNNVD: CNNVD-201403-171 // NVD: CVE-2014-2589

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-2589
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-2589
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201403-171
value: MEDIUM

Trust: 0.6

VULHUB: VHN-70528
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-2589
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-70528
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-70528 // JVNDB: JVNDB-2014-001778 // CNNVD: CNNVD-201403-171 // NVD: CVE-2014-2589

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-70528 // JVNDB: JVNDB-2014-001778 // NVD: CVE-2014-2589

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201403-171

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201403-171

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001778

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-70528

PATCH

title: NSA 2400 Network Security Appliance
url: https://www.sonicwall.com/us/en/products/NSA-2400.html

Trust: 0.8

title: Dell SonicWALL NSA 2400 'stats/dashboard.jsp' Fixes for cross-site scripting vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=196574

Trust: 0.6

sources: JVNDB: JVNDB-2014-001778 // CNNVD: CNNVD-201403-171

EXTERNAL IDS

db: NVD, id: CVE-2014-2589

Trust: 2.8

db: OSVDB, id: 104089

Trust: 2.5

db: BID, id: 66042

Trust: 2.0

db: SECTRACK, id: 1029884

Trust: 1.7

db: SECUNIA, id: 57275

Trust: 1.7

db: JVNDB, id: JVNDB-2014-001778

Trust: 0.8

db: CNNVD, id: CNNVD-201403-171

Trust: 0.7

db: VULHUB, id: VHN-70528

Trust: 0.1

sources: VULHUB: VHN-70528 // BID: 66042 // JVNDB: JVNDB-2014-001778 // CNNVD: CNNVD-201403-171 // NVD: CVE-2014-2589

REFERENCES

url:http://www.vulnerability-lab.com/get_content.php?id=1100

Trust: 2.5

url:http://www.osvdb.org/104089

Trust: 2.5

url:http://www.securityfocus.com/bid/66042

Trust: 1.7

url:http://www.securityfocus.com/archive/1/531364/100/0/threaded

Trust: 1.7

url:http://www.securitytracker.com/id/1029884

Trust: 1.7

url:http://secunia.com/advisories/57275

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/91766

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2589

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2589

Trust: 0.8

sources: VULHUB: VHN-70528 // JVNDB: JVNDB-2014-001778 // CNNVD: CNNVD-201403-171 // NVD: CVE-2014-2589

CREDITS

Benjamin Kunz Mejri

Trust: 0.9

sources: BID: 66042 // CNNVD: CNNVD-201403-171

SOURCES

db: VULHUB, id: VHN-70528
db: BID, id: 66042
db: JVNDB, id: JVNDB-2014-001778
db: CNNVD, id: CNNVD-201403-171
db: NVD, id: CVE-2014-2589

LAST UPDATE DATE

2025-04-13T23:37:40.503000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-70528, date: 2022-12-02T00:00:00
db: BID, id: 66042, date: 2015-03-19T09:32:00
db: JVNDB, id: JVNDB-2014-001778, date: 2014-03-25T00:00:00
db: CNNVD, id: CNNVD-201403-171, date: 2022-06-17T00:00:00
db: NVD, id: CVE-2014-2589, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: VULHUB, id: VHN-70528, date: 2014-03-24T00:00:00
db: BID, id: 66042, date: 2014-03-06T00:00:00
db: JVNDB, id: JVNDB-2014-001778, date: 2014-03-25T00:00:00
db: CNNVD, id: CNNVD-201403-171, date: 2014-03-11T00:00:00
db: NVD, id: CVE-2014-2589, date: 2014-03-24T16:39:00.353