CVE-2014-4976

EUVD-2014-4891
Dell SonicWall Scrutinizer 11.0.1 allows remote authenticated users to change user passwords via the user ID in the savePrefs parameter in a change password request to cgi-bin/admin.cgi.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:N/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 86%
Affected Products (NVD)
VendorProductVersion
sonicwallscrutinizer
11.0.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/127429/Dell-Sonicwall-Scrutinizer-11.01-Code-Execution-SQL-Injection.html
http://seclists.org/fulldisclosure/2014/Jul/44
http://www.securityfocus.com/bid/68495
https://exchange.xforce.ibmcloud.com/vulnerabilities/94438
https://gist.github.com/brandonprry/36b4b8df1cde279a9305
https://gist.github.com/brandonprry/76741d9a0d4f518fe297
http://packetstormsecurity.com/files/127429/Dell-Sonicwall-Scrutinizer-11.01-Code-Execution-SQL-Injection.html
http://seclists.org/fulldisclosure/2014/Jul/44
http://www.securityfocus.com/bid/68495
https://exchange.xforce.ibmcloud.com/vulnerabilities/94438
https://gist.github.com/brandonprry/36b4b8df1cde279a9305
https://gist.github.com/brandonprry/76741d9a0d4f518fe297