VAR-201407-0175
Vulnerability from variot - Updated: 2023-12-18 12:38Multiple SQL injection vulnerabilities in Dell SonicWall Scrutinizer 11.0.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) selectedUserGroup parameter in a create new user request to cgi-bin/admin.cgi or the (2) user_id parameter in the changeUnit function, (3) methodDetail parameter in the methodDetail function, or (4) xcNetworkDetail parameter in the xcNetworkDetail function in d4d/exporters.php. Dell SonicWALL Scrutinizer is prone to multiple security vulnerabilities, including: 1. A privilege-escalation vulnerability 2. Multiple SQL-injection vulnerabilities Attackers can exploit these issues to perform certain actions with elevated privileges, access or modify data, or exploit latent vulnerabilities in the underlying database. Other attacks may also be possible. Dell SonicWALL Scrutinizer is a set of multi-vendor application communication analysis visualization and reporting tools developed by Dell. The tool provides features such as deep packet analysis, vibration/latency monitoring, and historical and proactive reporting. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201407-0175",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "scrutinizer",
"scope": "eq",
"trust": 1.6,
"vendor": "sonicwall",
"version": "11.0.1"
},
{
"model": "sonicwall scrutinizer",
"scope": "eq",
"trust": 0.8,
"vendor": "dell",
"version": "11.0.1"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003368"
},
{
"db": "NVD",
"id": "CVE-2014-4977"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-365"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:sonicwall:scrutinizer:11.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-4977"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Brandon Perry",
"sources": [
{
"db": "BID",
"id": "68495"
}
],
"trust": 0.3
},
"cve": "CVE-2014-4977",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2014-4977",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-72918",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-4977",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201407-365",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-72918",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-72918"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003368"
},
{
"db": "NVD",
"id": "CVE-2014-4977"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-365"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple SQL injection vulnerabilities in Dell SonicWall Scrutinizer 11.0.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) selectedUserGroup parameter in a create new user request to cgi-bin/admin.cgi or the (2) user_id parameter in the changeUnit function, (3) methodDetail parameter in the methodDetail function, or (4) xcNetworkDetail parameter in the xcNetworkDetail function in d4d/exporters.php. Dell SonicWALL Scrutinizer is prone to multiple security vulnerabilities, including:\n1. A privilege-escalation vulnerability\n2. Multiple SQL-injection vulnerabilities\nAttackers can exploit these issues to perform certain actions with elevated privileges, access or modify data, or exploit latent vulnerabilities in the underlying database. Other attacks may also be possible. Dell SonicWALL Scrutinizer is a set of multi-vendor application communication analysis visualization and reporting tools developed by Dell. The tool provides features such as deep packet analysis, vibration/latency monitoring, and historical and proactive reporting. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-4977"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003368"
},
{
"db": "BID",
"id": "68495"
},
{
"db": "VULHUB",
"id": "VHN-72918"
}
],
"trust": 1.98
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-72918",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-72918"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-4977",
"trust": 2.8
},
{
"db": "PACKETSTORM",
"id": "127429",
"trust": 2.5
},
{
"db": "BID",
"id": "68495",
"trust": 2.0
},
{
"db": "PACKETSTORM",
"id": "137098",
"trust": 1.1
},
{
"db": "EXPLOIT-DB",
"id": "39836",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003368",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201407-365",
"trust": 0.7
},
{
"db": "XF",
"id": "94439",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-72918",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-72918"
},
{
"db": "BID",
"id": "68495"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003368"
},
{
"db": "NVD",
"id": "CVE-2014-4977"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-365"
}
]
},
"id": "VAR-201407-0175",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-72918"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:38:14.338000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Dell SonicWALL Scrutinizer",
"trust": 0.8,
"url": "http://www.dell.com/jp/business/p/sonicwall-scrutinizer/pd?dgc=st\u0026cid=33282\u0026lid=4254676\u0026acd=10591620522341418"
},
{
"title": "Scrutinizer",
"trust": 0.8,
"url": "http://www.sonicwall.com/us/en/support/6632.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003368"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-72918"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003368"
},
{
"db": "NVD",
"id": "CVE-2014-4977"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://packetstormsecurity.com/files/127429/dell-sonicwall-scrutinizer-11.01-code-execution-sql-injection.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/68495"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2014/jul/44"
},
{
"trust": 1.7,
"url": "https://gist.github.com/brandonprry/36b4b8df1cde279a9305"
},
{
"trust": 1.7,
"url": "https://gist.github.com/brandonprry/76741d9a0d4f518fe297"
},
{
"trust": 1.1,
"url": "https://www.exploit-db.com/exploits/39836/"
},
{
"trust": 1.1,
"url": "http://packetstormsecurity.com/files/137098/dell-sonicwall-scrutinizer-11.01-methoddetail-sql-injection.html"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94439"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-4977"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-4977"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/94439"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-72918"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003368"
},
{
"db": "NVD",
"id": "CVE-2014-4977"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-365"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-72918"
},
{
"db": "BID",
"id": "68495"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003368"
},
{
"db": "NVD",
"id": "CVE-2014-4977"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-365"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-07-16T00:00:00",
"db": "VULHUB",
"id": "VHN-72918"
},
{
"date": "2014-07-10T00:00:00",
"db": "BID",
"id": "68495"
},
{
"date": "2014-07-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003368"
},
{
"date": "2014-07-16T14:19:04.370000",
"db": "NVD",
"id": "CVE-2014-4977"
},
{
"date": "2014-07-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201407-365"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-12T00:00:00",
"db": "VULHUB",
"id": "VHN-72918"
},
{
"date": "2014-07-24T00:09:00",
"db": "BID",
"id": "68495"
},
{
"date": "2014-07-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003368"
},
{
"date": "2018-03-12T17:23:58.633000",
"db": "NVD",
"id": "CVE-2014-4977"
},
{
"date": "2014-07-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201407-365"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201407-365"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell SonicWall Scrutinizer In SQL Injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003368"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201407-365"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…