CVE-2012-3951 - Vulnerability Details - OpenCVE

The MySQL component in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) 9.0.1.19899 and earlier has a default password of admin for the (1) scrutinizer and (2) scrutremote accounts, which allows remote attackers to execute arbitrary SQL commands via a TCP session.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Sonicwall	Scrutinizer

Configuration 1 [-]

cpe:2.3:a:sonicwall:scrutinizer:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.plixer.com/Press-Releases/plixer-releases-9-5-2.html
https://www.trustwave.com/spiderlabs/advisories/TWSL2012-014.txt

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2012-07-31T10:00:00Z

Updated: 2024-09-17T03:07:09.522Z

Reserved: 2012-07-10T00:00:00Z

Link: CVE-2012-3951

Vulnrichment

No data.

NVD

Status : Modified

Published: 2012-07-31T10:45:42.763

Modified: 2024-11-21T01:41:50.787

Link: CVE-2012-3951

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The MySQL component in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) 9.0.1.19899 and earlier has a default password of admin for the (1) scrutinizer and (2) scrutremote accounts, which allows remote attackers to execute arbitrary SQL commands via a TCP session."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2012-07-31T10:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2012-014.txt"}, {"tags": ["x_refsource_MISC"], "url": "http://www.plixer.com/Press-Releases/plixer-releases-9-5-2.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-3951", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The MySQL component in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) 9.0.1.19899 and earlier has a default password of admin for the (1) scrutinizer and (2) scrutremote accounts, which allows remote attackers to execute arbitrary SQL commands via a TCP session."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.trustwave.com/spiderlabs/advisories/TWSL2012-014.txt", "refsource": "MISC", "url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2012-014.txt"}, {"name": "http://www.plixer.com/Press-Releases/plixer-releases-9-5-2.html", "refsource": "MISC", "url": "http://www.plixer.com/Press-Releases/plixer-releases-9-5-2.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T20:21:04.210Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2012-014.txt"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.plixer.com/Press-Releases/plixer-releases-9-5-2.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-3951", "datePublished": "2012-07-31T10:00:00Z", "dateReserved": "2012-07-10T00:00:00Z", "dateUpdated": "2024-09-17T03:07:09.522Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sonicwall:scrutinizer:*:*:*:*:*:*:*:*", "matchCriteriaId": "7B289171-C4A1-4221-9B31-253ED41FA4EB", "versionEndIncluding": "9.0.1.19899", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The MySQL component in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) 9.0.1.19899 and earlier has a default password of admin for the (1) scrutinizer and (2) scrutremote accounts, which allows remote attackers to execute arbitrary SQL commands via a TCP session."}, {"lang": "es", "value": "El componente MySQL en Plixer Scrutinizer (tambi\u00e9n conocido como Dell SonicWALL Scrutinizer) v9.0.1.19899 y anteiores tiene una contrase\u00f1a por defecto para el admin en (1) scrutinizer y (2) cuentas scrutremote, lo que permite a atacantes remotos ejecutar comandos SQL a trav\u00e9s de una sesi\u00f3n TCP."}], "id": "CVE-2012-3951", "lastModified": "2024-11-21T01:41:50.787", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-07-31T10:45:42.763", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.plixer.com/Press-Releases/plixer-releases-9-5-2.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2012-014.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.plixer.com/Press-Releases/plixer-releases-9-5-2.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2012-014.txt"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}]}