CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2012-2626

cgi-bin/admin.cgi in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 does not require token authentication, which allows remote attackers to add administrative accounts via a userprefs action.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.76

EPSS Ranking 98.8%

CVSS Severity

CVSS v2 Score 5.0

References

http://www.plixer.com/Press-Releases/plixer-releases-9-5-2.html
https://www.trustwave.com/spiderlabs/advisories/TWSL2012-014.txt
http://www.plixer.com/Press-Releases/plixer-releases-9-5-2.html
https://www.trustwave.com/spiderlabs/advisories/TWSL2012-014.txt

Products affected by CVE-2012-2626

Sonicwall » Scrutinizer » Version: 8.6.2

cpe:2.3:a:sonicwall:scrutinizer:8.6.2
Sonicwall » Scrutinizer » Version: 9.0.0

cpe:2.3:a:sonicwall:scrutinizer:9.0.0
Sonicwall » Scrutinizer » Version: 9.0.1

cpe:2.3:a:sonicwall:scrutinizer:9.0.1
Sonicwall » Scrutinizer » Version: 9.0.1.19899

cpe:2.3:a:sonicwall:scrutinizer:9.0.1.19899

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2012-2626

Products

Pricing

Contact Us