Remote Password Change Vulnerability in Dell SonicWall Scrutinizer
CVE-2014-4976

Currently unrated

Key Information:

Vendor: Sonicwall
CVE Published: 16 July 2014

Summary

Dell SonicWall Scrutinizer version 11.0.1 has a flaw in its password change process that remote authenticated users can exploit. By manipulating the user ID within the 'savePrefs' parameter of a change-password request to 'cgi-bin/admin.cgi', an attacker can change user passwords without proper authorization. This can compromise user accounts, leading to unauthorized access and potential abuse of the network system.

Timeline

  • Vulnerability published

  • Vulnerability Reserved