Vulnerability in Sonicwall Scrutinizer

CVE-2014-4976

Dell SonicWall Scrutinizer 11.0.1 allows remote authenticated users to change user passwords via the user ID in the savePrefs parameter in a change password request to cgi-bin/admin.cgi.

EPSS: 0.031 (87.1th percentile) — read the EPSS interpretation.

Affected products

Sonicwall Scrutinizer — versions 11.0.1
N/a — versions n/a

Weakness classification (CWE)

CWE-264

References

20140710 Dell Scrutinizer 11.01 multiple vulnerabilities (mailing-list, x_refsource_FULLDISC, Mailing List, Third Party Advisory)
dell-scrutinizer-admin-sec-bypass(94438) (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_XF)
cve@mitre.org (VDB Entry, Third Party Advisory, x_refsource_MISC)
68495 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
cve@mitre.org (Third Party Advisory, x_refsource_MISC)
cve@mitre.org (Exploit, Third Party Advisory, x_refsource_MISC)