Scrutinizer < 10.1.2 Multiple Vulnerabilities

High Nessus Plugin ID 65046

Synopsis

The remote host is running a web application that is affected by multiple vulnerabilities.

Description

The version of Scrutinizer NetFlow and sFlow Analyzer running on the remote host is prior to 10.1.2 and is, therefore, potentially affected by the following vulnerabilities:

- A blind SQL injection vulnerability exists because the 'orderby' and 'gadget' parameters of 'fa_web.cgi' fail to properly sanitize user-supplied input. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

- The application is affected by multiple persistent cross-site scripting vulnerabilities in the following parameters / modules:

  - 'BBSearchText' - New Board & Policy Manager
  - 'Mytab' - Flow Expert
  - 'newName' - MyView (CGI)
  - 'groupName' - New Users & New Group
  - 'username' - New Users & New Group
  - 'groupMembers' - Mapping/Maps (CGI)
  - 'Type' - Mapping/Maps (CGI)
  - 'Checkbox Linklike' - Mapping/Maps (CGI)
  - 'indexColumn' - Mapping/Maps (CGI)
  - 'name' - Mapping/Maps (CGI)
  - 'Object Name' - Mapping/Maps (CGI)
  - 'settings groups(checkbox)' - Mapping/Maps (CGI)
  - 'Policy Name' - Advanced Filters
  - 'Board Name' - Advanced Filters
  - 'Violators' - Advanced Filters

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Scrutinizer 10.1.2 or later.

See Also

https://seclists.org/bugtraq/2013/Feb/57

https://seclists.org/bugtraq/2013/Feb/58

http://www.nessus.org/u?92c27f55

Plugin Details

Severity: High

ID: 65046

File Name: scrutinizer_10_1_2.nasl

Version: 1.6

Type: remote

Family: CGI abuses

Published: 2013/03/06

Modified: 2018/11/15

Dependencies: 58992

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:dell:sonicwall_scrutinizer

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2013/02/10

Vulnerability Publication Date: 2013/02/11

Reference Information

BID: 57914, 57949

EDB-ID: 24496, 24500

CWE: 20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990