CVE-2012-2627 — HIGH (9.4) — White Hats Nepal

Q: How severe is CVE-2012-2627?

CVE-2012-2627 has been rated HIGH with a CVSS base score of 9.4/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2012-2627?

Check the references section above for vendor advisories and patch information. Affected products include: Sonicwall Scrutinizer.

Vulnerability Description

d4d/uploader.php in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 allows remote attackers to create or overwrite arbitrary files in %PROGRAMFILES%\Scrutinizer\snmp\mibs\ via a multipart/form-data POST request.

CVSS Score

9.4

HIGH

AV:N/AC:L/Au:N/C:N/I:C/A:C

Confidentiality

NONE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Sonicwall	Scrutinizer	< 9.5.0

References

http://www.plixer.com/Press-Releases/plixer-releases-9-5-2.htmlBroken Link
https://www.trustwave.com/spiderlabs/advisories/TWSL2012-014.txtThird Party Advisory
http://www.plixer.com/Press-Releases/plixer-releases-9-5-2.htmlBroken Link
https://www.trustwave.com/spiderlabs/advisories/TWSL2012-014.txtThird Party Advisory

FAQ

What is CVE-2012-2627?

CVE-2012-2627 is a vulnerability with a CVSS score of 9.4 (HIGH). d4d/uploader.php in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 allows remote attackers to create or overwrite arbitrary files in %PROGRAMFILES%\Scrutinizer\snm...

How severe is CVE-2012-2627?

CVE-2012-2627 has been rated HIGH with a CVSS base score of 9.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2012-2627?

Check the references section above for vendor advisories and patch information. Affected products include: Sonicwall Scrutinizer.