ID

VAR-201209-0587


CVE

CVE-2011-5169


TITLE

SonicWall Viewpoint 'scheduleID' Parameter SQL Injection Vulnerability

Trust: 0.9

sources: BID: 49906 // CNNVD: CNNVD-201110-374

DESCRIPTION

SQL injection vulnerability in sgms/reports/scheduledreports/configure/scheduleProps.jsp in SonicWall ViewPoint 6.0 SP2 allows remote attackers to execute arbitrary SQL commands via the scheduleID parameter. SonicWall Viewpoint is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Viewpoint 6.0 SP2 is vulnerable; other versions may also be affected. SonicWALL is a full-featured Internet security appliance designed specifically for large networks with ever-growing VPN needs

Trust: 1.98

sources: NVD: CVE-2011-5169 // JVNDB: JVNDB-2011-005158 // BID: 49906 // VULHUB: VHN-53114

AFFECTED PRODUCTS

vendor:dellmodel:sonicwall viewpointscope:eqversion:6.0

Trust: 1.6

vendor:dellmodel:sonicwall viewpointscope:eqversion:6.0 sp2

Trust: 0.8

vendor:sonicwallmodel:viewpoint sp2scope:eqversion:6.0

Trust: 0.3

sources: BID: 49906 // JVNDB: JVNDB-2011-005158 // CNNVD: CNNVD-201110-374 // NVD: CVE-2011-5169

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-5169
value: HIGH

Trust: 1.0

NVD: CVE-2011-5169
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201110-374
value: HIGH

Trust: 0.6

VULHUB: VHN-53114
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2011-5169
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-53114
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-53114 // JVNDB: JVNDB-2011-005158 // CNNVD: CNNVD-201110-374 // NVD: CVE-2011-5169

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.9

sources: VULHUB: VHN-53114 // JVNDB: JVNDB-2011-005158 // NVD: CVE-2011-5169

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201110-374

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-201110-374

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-005158

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-53114

PATCH

title:SonicWALL GMS/ViewPoint/UMA 6.0.2 Hotfix 104767 Release Notesurl:http://www.sonicwall.com/app/projects/file_downloader/document_lib.php?t=RN&id=379

Trust: 0.8

sources: JVNDB: JVNDB-2011-005158

EXTERNAL IDS

db:NVDid:CVE-2011-5169

Trust: 2.8

db:BIDid:49906

Trust: 2.0

db:JVNDBid:JVNDB-2011-005158

Trust: 0.8

db:CNNVDid:CNNVD-201110-374

Trust: 0.7

db:NSFOCUSid:20898

Trust: 0.6

db:BUGTRAQid:20111002 SONICWALL VIEWPOINT V6.0 SP2 - SQL INJECTION VULNERABILITY

Trust: 0.6

db:EXPLOIT-DBid:36196

Trust: 0.1

db:VULHUBid:VHN-53114

Trust: 0.1

sources: VULHUB: VHN-53114 // BID: 49906 // JVNDB: JVNDB-2011-005158 // CNNVD: CNNVD-201110-374 // NVD: CVE-2011-5169

REFERENCES

url:http://www.securityfocus.com/bid/49906

Trust: 1.7

url:http://www.vulnerability-lab.com/get_content.php?id=196

Trust: 1.7

url:http://www.sonicwall.com/app/projects/file_downloader/document_lib.php?t=rn&id=379

Trust: 1.6

url:http://www.securityfocus.com/archive/1/519983/100/0/threaded

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-5169

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-5169

Trust: 0.8

url:http://www.securityfocus.com/archive/1/archive/1/519983/100/0/threaded

Trust: 0.6

url:http://www.nsfocus.net/vulndb/20898

Trust: 0.6

url:http://www.sonicwall.com

Trust: 0.3

url:http://www.sonicwall.com/app/projects/file_downloader/document_lib.php?t=rn&id=379

Trust: 0.1

sources: VULHUB: VHN-53114 // BID: 49906 // JVNDB: JVNDB-2011-005158 // CNNVD: CNNVD-201110-374 // NVD: CVE-2011-5169

CREDITS

Benjamin Kunz Mejri (Rem0ve) and Pim J.F. Campers (X4lt)

Trust: 0.9

sources: BID: 49906 // CNNVD: CNNVD-201110-374

SOURCES

db:VULHUBid:VHN-53114
db:BIDid:49906
db:JVNDBid:JVNDB-2011-005158
db:CNNVDid:CNNVD-201110-374
db:NVDid:CVE-2011-5169

LAST UPDATE DATE

2024-11-23T22:02:33.406000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-53114date:2018-10-09T00:00:00
db:BIDid:49906date:2015-03-19T07:35:00
db:JVNDBid:JVNDB-2011-005158date:2012-09-19T00:00:00
db:CNNVDid:CNNVD-201110-374date:2011-10-18T00:00:00
db:NVDid:CVE-2011-5169date:2024-11-21T01:33:48.343

SOURCES RELEASE DATE

db:VULHUBid:VHN-53114date:2012-09-15T00:00:00
db:BIDid:49906date:2011-10-02T00:00:00
db:JVNDBid:JVNDB-2011-005158date:2012-09-19T00:00:00
db:CNNVDid:CNNVD-201110-374date:1900-01-01T00:00:00
db:NVDid:CVE-2011-5169date:2012-09-15T17:55:05.317