Details of VAR-201505-0147

ID

VAR-201505-0147

CVE

CVE-2015-2248

TITLE

Dell SonicWALL Secure Remote Access Product firmware user portal cross-site request forgery vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2015-002534

DESCRIPTION

Cross-site request forgery (CSRF) vulnerability in the user portal in Dell SonicWALL Secure Remote Access (SRA) products with firmware before 7.5.1.0-38sv and 8.x before 8.0.0.1-16sv allows remote attackers to hijack the authentication of users for requests that create bookmarks via a crafted request to cgi-bin/editBookmark. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. Dell SonicWall Secure Remote Access (SRA) is a SonicWALL secure remote access series device in a Dell SonicWall secure mobile access solution of Dell (Dell)

Trust: 1.98

sources: NVD: CVE-2015-2248 // JVNDB: JVNDB-2015-002534 // BID: 73098 // VULHUB: VHN-80209

AFFECTED PRODUCTS

vendor:	dell	model:	sonicwall secure remote access	scope:	eq	version:	8.0.0.1-16sv	Trust: 1.4
vendor:	sonicwall	model:	remote access	scope:	lt	version:	7.5.1.0-38sv	Trust: 1.0
vendor:	sonicwall	model:	remote access	scope:	lt	version:	8.0.0.1-16sv	Trust: 1.0
vendor:	sonicwall	model:	remote access	scope:	gte	version:	8.0.0.0	Trust: 1.0
vendor:	dell	model:	sonicwall secure remote access	scope:	lt	version:	8.x	Trust: 0.8
vendor:	dell	model:	sonicwall secure remote access	scope:	eq	version:	7.5.1.0-38sv	Trust: 0.6
vendor:	dell	model:	sonicwall secure remote access	scope:	eq	version:	8.0	Trust: 0.3
vendor:	dell	model:	sonicwall secure remote access	scope:	eq	version:	7.5	Trust: 0.3
vendor:	dell	model:	sonicwall secure remote access 8.0.0.1-16sv	scope:	ne	version:	-	Trust: 0.3
vendor:	dell	model:	sonicwall secure remote access 7.5.1.0-38sv	scope:	ne	version:	-	Trust: 0.3

sources: BID: 73098 // JVNDB: JVNDB-2015-002534 // CNNVD: CNNVD-201505-009 // NVD: CVE-2015-2248

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-2248
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-2248
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201505-009
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-80209
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-2248
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-80209
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-80209 // JVNDB: JVNDB-2015-002534 // CNNVD: CNNVD-201505-009 // NVD: CVE-2015-2248

PROBLEMTYPE DATA

problemtype:

CWE-352

Trust: 1.9

sources: VULHUB: VHN-80209 // JVNDB: JVNDB-2015-002534 // NVD: CVE-2015-2248

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201505-009

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201505-009

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-002534

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-80209

PATCH

title:

Dell SonicWALL Notice Concerning Cross-site Request Forgery (CSRF) Vulnerability (CVE-2015-2248)

url:

https://support.software.dell.com/product-notification/151370?productName=SonicWALL%20SRA%20Series

Trust: 0.8

sources: JVNDB: JVNDB-2015-002534

EXTERNAL IDS

db:	NVD	id:	CVE-2015-2248	Trust: 2.8
db:	VULDB	id:	75111	Trust: 2.5
db:	BID	id:	73098	Trust: 1.4
db:	PACKETSTORM	id:	131762	Trust: 1.1
db:	EXPLOIT-DB	id:	36940	Trust: 1.1
db:	SECTRACK	id:	1032227	Trust: 1.1
db:	JVNDB	id:	JVNDB-2015-002534	Trust: 0.8
db:	CNNVD	id:	CNNVD-201505-009	Trust: 0.7
db:	VULHUB	id:	VHN-80209	Trust: 0.1

sources: VULHUB: VHN-80209 // BID: 73098 // JVNDB: JVNDB-2015-002534 // CNNVD: CNNVD-201505-009 // NVD: CVE-2015-2248

REFERENCES

url:	http://www.scip.ch/en/?vuldb.75111	Trust: 2.5
url:	https://support.software.dell.com/product-notification/151370?productname=sonicwall%20sra%20series	Trust: 2.0
url:	http://www.securityfocus.com/bid/73098	Trust: 1.1
url:	https://www.exploit-db.com/exploits/36940/	Trust: 1.1
url:	http://packetstormsecurity.com/files/131762/dell-sonicwall-secure-remote-access-7.5-8.0-csrf.html	Trust: 1.1
url:	http://www.securitytracker.com/id/1032227	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2248	Trust: 0.8
url:	https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2248	Trust: 0.8
url:	http://www.sonicwall.com/us/en/products/sra-series.html	Trust: 0.3

sources: VULHUB: VHN-80209 // BID: 73098 // JVNDB: JVNDB-2015-002534 // CNNVD: CNNVD-201505-009 // NVD: CVE-2015-2248

CREDITS

Veit Hailperin

Trust: 0.3

sources: BID: 73098

SOURCES

db:	VULHUB	id:	VHN-80209
db:	BID	id:	73098
db:	JVNDB	id:	JVNDB-2015-002534
db:	CNNVD	id:	CNNVD-201505-009
db:	NVD	id:	CVE-2015-2248

LAST UPDATE DATE

2025-04-13T23:09:54.568000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-80209	date:	2018-03-12T00:00:00
db:	BID	id:	73098	date:	2015-05-01T00:00:00
db:	JVNDB	id:	JVNDB-2015-002534	date:	2015-05-07T00:00:00
db:	CNNVD	id:	CNNVD-201505-009	date:	2015-05-04T00:00:00
db:	NVD	id:	CVE-2015-2248	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-80209	date:	2015-05-01T00:00:00
db:	BID	id:	73098	date:	2015-05-01T00:00:00
db:	JVNDB	id:	JVNDB-2015-002534	date:	2015-05-07T00:00:00
db:	CNNVD	id:	CNNVD-201505-009	date:	2015-05-04T00:00:00
db:	NVD	id:	CVE-2015-2248	date:	2015-05-01T15:59:04.803