Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The web-based management interfaces in Sourcefire Defense Center (DC) and 3D Sensor before 4.8.2 allow remote authenticated users to gain privileges via a $admin value for the admin parameter in an edit action to admin/user/user.cgi and unspecified other components.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Sourcefire 3D Sensor和Defense Center user.cgi权限提升漏洞
Vulnerability Description
Sourcefire 3D Sensor和Defense Center都是流行的网络入侵保护系统 。 3D Sensor和Defense Center的web管理界面存在权限提升漏洞,允许任意本地账号获得设备的管理员角色。尽管user.cgi PERL脚本正确地验证了入站请求属于已认证的会话,在这种情况下没有考虑请求发起者的角色而盲目的给予了读写访问,因此即使是最低访问级别的用户(如没有配置任何角色的用户)也可以将其提升为管理员并随意更改其他角色或账号参数 。
CVSS Information
N/A
Vulnerability Type
N/A