CVE-2014-9618

Published Sep 19, 2017

Last updated 7 years ago

CVSS critical 9.8

Overview

Description: The Client Filter Admin portal in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and subsequently create arbitrary profiles via a showdeny action to the default URL.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 3.0

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-287

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:netsweeper:netsweeper:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9E3B7E1C-F17D-4F06-BE0E-BB85ED27BC7F",
            "versionEndIncluding": "3.1.9"
          },
          {
            "criteria": "cpe:2.3:a:netsweeper:netsweeper:4.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "81B828E4-6412-4C36-90B1-6B0B12AF8244"
          },
          {
            "criteria": "cpe:2.3:a:netsweeper:netsweeper:4.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ED3F5E81-E004-4CCC-8192-07B049150E08"
          },
          {
            "criteria": "cpe:2.3:a:netsweeper:netsweeper:4.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "096D7C2F-A4DB-46EF-9454-C367B67394A0"
          },
          {
            "criteria": "cpe:2.3:a:netsweeper:netsweeper:4.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4F8A4562-63E3-48FE-9059-68FB49F98CDD"
          },
          {
            "criteria": "cpe:2.3:a:netsweeper:netsweeper:4.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F20F7BD6-E5DC-4152-AC46-5AE072BB1BA4"
          },
          {
            "criteria": "cpe:2.3:a:netsweeper:netsweeper:4.0.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AB3655FD-506C-4280-8465-FE37A273213E"
          },
          {
            "criteria": "cpe:2.3:a:netsweeper:netsweeper:4.0.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F85BE6F9-A893-4094-B334-A1AC4B9B8FC9"
          },
          {
            "criteria": "cpe:2.3:a:netsweeper:netsweeper:4.0.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1007AE96-2029-4CAB-9C4A-15B2F3140CC7"
          },
          {
            "criteria": "cpe:2.3:a:netsweeper:netsweeper:4.0.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "08A480FD-B6AD-4682-9D18-B36C18E627FD"
          },
          {
            "criteria": "cpe:2.3:a:netsweeper:netsweeper:4.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9B821D07-C4ED-448B-8DCF-AA2B01CC0F31"
          },
          {
            "criteria": "cpe:2.3:a:netsweeper:netsweeper:4.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "399403BA-38EE-4A95-AEAC-9614E79F6274"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References