Authentication Bypass in Plixer Scrutinizer Web Console
CVE-2012-2626

Currently unrated

Key Information:

Vendor: Sonicwall
Status: Scrutinizer
Vendor: CVE Published:; 31 July 2012

What is CVE-2012-2626?

The web console in Plixer Scrutinizer prior to version 9.5.0 contains a vulnerability where the cgi-bin/admin.cgi does not require proper token authentication. This oversight allows remote attackers to gain unauthorized administrative access through malicious user preferences actions. Such an exploit could lead to the addition of unauthorized administrative accounts, posing a significant security risk for users relying on the Scrutinizer platform.

References

https://www.trustwave.com/spiderlabs/advisories/TWSL2012-...

x_refsource_MISC

http://www.plixer.com/Press-Releases/plixer-releases-9-5-...

x_refsource_MISC

EPSS Score

75% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Jul 31, 2012

Sonicwall

What is CVE-2012-2626?

References

EPSS Score

Timeline