ID

VAR-201209-0587


CVE

CVE-2011-5169


TITLE

SonicWall Viewpoint 'scheduleID' Parameter SQL Injection Vulnerability

Trust: 0.9

sources: BID: 49906 // CNNVD: CNNVD-201110-374

DESCRIPTION

SQL injection vulnerability in sgms/reports/scheduledreports/configure/scheduleProps.jsp in SonicWall ViewPoint 6.0 SP2 allows remote attackers to execute arbitrary SQL commands via the scheduleID parameter. SonicWall Viewpoint is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Viewpoint 6.0 SP2 is vulnerable; other versions may also be affected. SonicWALL is a full-featured Internet security appliance designed specifically for large networks with ever-growing VPN needs.

Trust: 1.98

sources: NVD: CVE-2011-5169 // JVNDB: JVNDB-2011-005158 // BID: 49906 // VULHUB: VHN-53114

AFFECTED PRODUCTS

vendor: dell, model: sonicwall viewpoint, scope: eq, version: 6.0

Trust: 1.6

vendor: dell, model: sonicwall viewpoint, scope: eq, version: 6.0 sp2

Trust: 0.8

vendor: sonicwall, model: viewpoint sp2, scope: eq, version: 6.0

Trust: 0.3

sources: BID: 49906 // JVNDB: JVNDB-2011-005158 // CNNVD: CNNVD-201110-374 // NVD: CVE-2011-5169

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-5169
value: HIGH

Trust: 1.0

NVD: CVE-2011-5169
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201110-374
value: HIGH

Trust: 0.6

VULHUB: VHN-53114
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2011-5169
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-53114
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-53114 // JVNDB: JVNDB-2011-005158 // CNNVD: CNNVD-201110-374 // NVD: CVE-2011-5169

PROBLEMTYPE DATA

problemtype: CWE-89

Trust: 1.9

sources: VULHUB: VHN-53114 // JVNDB: JVNDB-2011-005158 // NVD: CVE-2011-5169

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201110-374

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-201110-374

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-005158

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-53114

PATCH

title: SonicWALL GMS/ViewPoint/UMA 6.0.2 Hotfix 104767 Release Notes
url: http://www.sonicwall.com/app/projects/file_downloader/document_lib.php?t=RN&id=379

Trust: 0.8

sources: JVNDB: JVNDB-2011-005158

EXTERNAL IDS

db: NVD, id: CVE-2011-5169

Trust: 2.8

db: BID, id: 49906

Trust: 2.0

db: JVNDB, id: JVNDB-2011-005158

Trust: 0.8

db: CNNVD, id: CNNVD-201110-374

Trust: 0.7

db: NSFOCUS, id: 20898

Trust: 0.6

db: BUGTRAQ, id: 20111002 SONICWALL VIEWPOINT V6.0 SP2 - SQL INJECTION VULNERABILITY

Trust: 0.6

db: EXPLOIT-DB, id: 36196

Trust: 0.1

db: VULHUB, id: VHN-53114

Trust: 0.1

sources: VULHUB: VHN-53114 // BID: 49906 // JVNDB: JVNDB-2011-005158 // CNNVD: CNNVD-201110-374 // NVD: CVE-2011-5169

REFERENCES

url: http://www.securityfocus.com/bid/49906

Trust: 1.7

url: http://www.vulnerability-lab.com/get_content.php?id=196

Trust: 1.7

url: http://www.sonicwall.com/app/projects/file_downloader/document_lib.php?t=rn&id=379

Trust: 1.6

url: http://www.securityfocus.com/archive/1/519983/100/0/threaded

Trust: 1.1

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-5169

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-5169

Trust: 0.8

url: http://www.securityfocus.com/archive/1/archive/1/519983/100/0/threaded

Trust: 0.6

url: http://www.nsfocus.net/vulndb/20898

Trust: 0.6

url: http://www.sonicwall.com

Trust: 0.3

url: http://www.sonicwall.com/app/projects/file_downloader/document_lib.php?t=rn&id=379

Trust: 0.1

sources: VULHUB: VHN-53114 // BID: 49906 // JVNDB: JVNDB-2011-005158 // CNNVD: CNNVD-201110-374 // NVD: CVE-2011-5169

CREDITS

Benjamin Kunz Mejri (Rem0ve) and Pim J.F. Campers (X4lt)

Trust: 0.9

sources: BID: 49906 // CNNVD: CNNVD-201110-374

SOURCES

db: VULHUB, id: VHN-53114
db: BID, id: 49906
db: JVNDB, id: JVNDB-2011-005158
db: CNNVD, id: CNNVD-201110-374
db: NVD, id: CVE-2011-5169

LAST UPDATE DATE

2024-08-14T14:34:27.567000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-53114, date: 2018-10-09T00:00:00
db: BID, id: 49906, date: 2015-03-19T07:35:00
db: JVNDB, id: JVNDB-2011-005158, date: 2012-09-19T00:00:00
db: CNNVD, id: CNNVD-201110-374, date: 2011-10-18T00:00:00
db: NVD, id: CVE-2011-5169, date: 2018-10-09T19:33:44.840

SOURCES RELEASE DATE

db: VULHUB, id: VHN-53114, date: 2012-09-15T00:00:00
db: BID, id: 49906, date: 2011-10-02T00:00:00
db: JVNDB, id: JVNDB-2011-005158, date: 2012-09-19T00:00:00
db: CNNVD, id: CNNVD-201110-374, date: 1900-01-01T00:00:00
db: NVD, id: CVE-2011-5169, date: 2012-09-15T17:55:05.317