Vulnerability Description
cgi-bin/userprefs.cgi in Plixer International Scrutinizer NetFlow & sFlow Analyzer before 9.0.1.19899 does not validate user permissions, which allow remote attackers to add user accounts with administrator privileges via the newuser, pwd, and selectedUserGroup parameters.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Plixer | Scrutinizer Netflow \& Sflow Analyzer | < 9.0.1.19899 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.org/files/111791/Scrutinizer-8.6.2-Bypass-Cross-Site-ExploitThird Party Advisory
- http://www.exploit-db.com/exploits/18750ExploitThird Party AdvisoryVDB Entry
- http://www.securityfocus.com/bid/52989Third Party AdvisoryVDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/74824VDB Entry
- https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/twsl2012-008-mulThird Party Advisory
- http://packetstormsecurity.org/files/111791/Scrutinizer-8.6.2-Bypass-Cross-Site-ExploitThird Party Advisory
- http://www.exploit-db.com/exploits/18750ExploitThird Party AdvisoryVDB Entry
- http://www.securityfocus.com/bid/52989Third Party AdvisoryVDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/74824VDB Entry
- https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/twsl2012-008-mulThird Party Advisory
FAQ
What is CVE-2012-1258?
CVE-2012-1258 is a vulnerability with a CVSS score of 6.5 (MEDIUM). cgi-bin/userprefs.cgi in Plixer International Scrutinizer NetFlow & sFlow Analyzer before 9.0.1.19899 does not validate user permissions, which allow remote attackers to add user accounts with adminis...
How severe is CVE-2012-1258?
CVE-2012-1258 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-1258?
Check the references section above for vendor advisories and patch information. Affected products include: Plixer Scrutinizer Netflow \& Sflow Analyzer.