ID

VAR-201407-0174


CVE

CVE-2014-4976


TITLE

Dell SonicWall Scrutinizer Vulnerable to changing user password

Trust: 0.8

sources: JVNDB: JVNDB-2014-003367

DESCRIPTION

Dell SonicWall Scrutinizer 11.0.1 allows remote authenticated users to change user passwords via the user ID in the savePrefs parameter in a change password request to cgi-bin/admin.cgi.

Dell SonicWALL Scrutinizer is prone to multiple security vulnerabilities, including:

1. A privilege-escalation vulnerability
2. Multiple SQL-injection vulnerabilities

Attackers can exploit these issues to perform certain actions with elevated privileges, access or modify data, or exploit latent vulnerabilities in the underlying database. Other attacks may also be possible.

Dell SonicWALL Scrutinizer is a set of multi-vendor application communication analysis visualization and reporting tools developed by Dell. The tool provides features such as deep packet analysis, vibration/latency monitoring, and historical and proactive reporting.

Trust: 1.98

sources: NVD: CVE-2014-4976 // JVNDB: JVNDB-2014-003367 // BID: 68495 // VULHUB: VHN-72917

AFFECTED PRODUCTS

vendor: sonicwall // model: scrutinizer // scope: eq // version: 11.0.1

Trust: 1.6

vendor: dell // model: sonicwall scrutinizer // scope: eq // version: 11.0.1

Trust: 0.8

sources: JVNDB: JVNDB-2014-003367 // CNNVD: CNNVD-201407-364 // NVD: CVE-2014-4976

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-4976
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-4976
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201407-364
value: MEDIUM

Trust: 0.6

VULHUB: VHN-72917
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-4976
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-72917
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-72917 // JVNDB: JVNDB-2014-003367 // CNNVD: CNNVD-201407-364 // NVD: CVE-2014-4976

PROBLEMTYPE DATA

problemtype: CWE-264

Trust: 1.9

sources: VULHUB: VHN-72917 // JVNDB: JVNDB-2014-003367 // NVD: CVE-2014-4976

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201407-364

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201407-364

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-003367

PATCH

title: Dell SonicWALL Scrutinizer // url: http://www.dell.com/jp/business/p/sonicwall-scrutinizer/pd?dgc=ST&cid=33282&lid=4254676&acd=10591620522341418

Trust: 0.8

title: Scrutinizer // url: http://www.sonicwall.com/us/en/support/6632.html

Trust: 0.8

sources: JVNDB: JVNDB-2014-003367

EXTERNAL IDS

db: NVD // id: CVE-2014-4976

Trust: 2.8

db: PACKETSTORM // id: 127429

Trust: 2.5

db: BID // id: 68495

Trust: 2.0

db: JVNDB // id: JVNDB-2014-003367

Trust: 0.8

db: CNNVD // id: CNNVD-201407-364

Trust: 0.7

db: XF // id: 94438

Trust: 0.6

db: VULHUB // id: VHN-72917

Trust: 0.1

sources: VULHUB: VHN-72917 // BID: 68495 // JVNDB: JVNDB-2014-003367 // CNNVD: CNNVD-201407-364 // NVD: CVE-2014-4976

REFERENCES

url:http://packetstormsecurity.com/files/127429/dell-sonicwall-scrutinizer-11.01-code-execution-sql-injection.html

Trust: 2.5

url:http://www.securityfocus.com/bid/68495

Trust: 1.7

url:http://seclists.org/fulldisclosure/2014/jul/44

Trust: 1.7

url:https://gist.github.com/brandonprry/36b4b8df1cde279a9305

Trust: 1.7

url:https://gist.github.com/brandonprry/76741d9a0d4f518fe297

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/94438

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-4976

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-4976

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/94438

Trust: 0.6

sources: VULHUB: VHN-72917 // JVNDB: JVNDB-2014-003367 // CNNVD: CNNVD-201407-364 // NVD: CVE-2014-4976

CREDITS

Brandon Perry

Trust: 0.3

sources: BID: 68495

SOURCES

db: VULHUB // id: VHN-72917
db: BID // id: 68495
db: JVNDB // id: JVNDB-2014-003367
db: CNNVD // id: CNNVD-201407-364
db: NVD // id: CVE-2014-4976

LAST UPDATE DATE

2025-04-13T23:04:58.451000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-72917 // date: 2018-03-12T00:00:00
db: BID // id: 68495 // date: 2014-07-24T00:09:00
db: JVNDB // id: JVNDB-2014-003367 // date: 2014-07-17T00:00:00
db: CNNVD // id: CNNVD-201407-364 // date: 2014-07-17T00:00:00
db: NVD // id: CVE-2014-4976 // date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: VULHUB // id: VHN-72917 // date: 2014-07-16T00:00:00
db: BID // id: 68495 // date: 2014-07-10T00:00:00
db: JVNDB // id: JVNDB-2014-003367 // date: 2014-07-17T00:00:00
db: CNNVD // id: CNNVD-201407-364 // date: 2014-07-17T00:00:00
db: NVD // id: CVE-2014-4976 // date: 2014-07-16T14:19:04.323