Authentication Bypass in Plixer Scrutinizer Web Console
CVE-2012-2626

Currently unrated

Key Information:

Vendor
Sonicwall
Status
Scrutinizer
Vendor
CVE Published:
31 July 2012

Summary

The web console in Plixer Scrutinizer prior to version 9.5.0 contains a vulnerability where the cgi-bin/admin.cgi does not require proper token authentication. This oversight allows remote attackers to gain unauthorized administrative access through malicious user preferences actions. Such an exploit could lead to the addition of unauthorized administrative accounts, posing a significant security risk for users relying on the Scrutinizer platform.

References

https://www.trustwave.com/spiderlabs/advisories/TWSL2012-...
x_refsource_MISC
http://www.plixer.com/Press-Releases/plixer-releases-9-5-...
x_refsource_MISC

EPSS Score

75% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability Reserved

  • Vulnerability published

.