Vulnerability Description
SQL injection vulnerability in Watchguard XCS 9.2 and 10.0 before build 150522 allows remote attackers to execute arbitrary SQL commands via the sid cookie, as demonstrated by a request to borderpost/imp/compose.php3.
CVSS Score
7.5
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Watchguard | Xcs | 9.2 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/132498/Watchguard-XCS-10.0-SQL-Injection-CoExploit
- http://packetstormsecurity.com/files/133721/Watchguard-XCS-Remote-Command-ExecutExploit
- http://www.rapid7.com/db/modules/exploit/freebsd/http/watchguard_cmd_execExploit
- http://www.security-assessment.com/files/documents/advisory/Watchguard-XCS-finalExploit
- http://www.securityfocus.com/bid/75516
- http://www.watchguard.com/support/release-notes/xcs/10/en-US/EN_Release_Notes_XCVendor Advisory
- http://www.watchguard.com/support/release-notes/xcs/9/en-US/EN_ReleaseNotes_XCS_Vendor Advisory
- https://www.exploit-db.com/exploits/38346/Exploit
- http://packetstormsecurity.com/files/132498/Watchguard-XCS-10.0-SQL-Injection-CoExploit
- http://packetstormsecurity.com/files/133721/Watchguard-XCS-Remote-Command-ExecutExploit
- http://www.rapid7.com/db/modules/exploit/freebsd/http/watchguard_cmd_execExploit
- http://www.security-assessment.com/files/documents/advisory/Watchguard-XCS-finalExploit
- http://www.securityfocus.com/bid/75516
- http://www.watchguard.com/support/release-notes/xcs/10/en-US/EN_Release_Notes_XCVendor Advisory
- http://www.watchguard.com/support/release-notes/xcs/9/en-US/EN_ReleaseNotes_XCS_Vendor Advisory
FAQ
What is CVE-2015-5452?
CVE-2015-5452 is a vulnerability with a CVSS score of 7.5 (HIGH). SQL injection vulnerability in Watchguard XCS 9.2 and 10.0 before build 150522 allows remote attackers to execute arbitrary SQL commands via the sid cookie, as demonstrated by a request to borderpost/...
How severe is CVE-2015-5452?
CVE-2015-5452 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-5452?
Check the references section above for vendor advisories and patch information. Affected products include: Watchguard Xcs.