ID

VAR-201402-0269


CVE

CVE-2014-0332


TITLE

DELL SonicWALL GMS/Analyzer/UMA contains a cross-site scripting (XSS) vulnerability

Trust: 0.8

sources: CERT/CC: VU#727318

DESCRIPTION

Cross-site scripting (XSS) vulnerability in mainPage in Dell SonicWALL GMS before 7.1 SP2, SonicWALL Analyzer before 7.1 SP2, and SonicWALL UMA E5000 before 7.1 SP2 might allow remote attackers to inject arbitrary web script or HTML via the node_id parameter in a ScreenDisplayManager genNetwork action (CWE-79).

Dell SonicWALL GMS/Analyzer/UMA contains a cross-site scripting vulnerability. The node_id parameter of /sgms/mainPage is not processed correctly, which results in a cross-site scripting (CWE-79) vulnerability. CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') http://cwe.mitre.org/data/definitions/79.html

An arbitrary script may be executed on the user's web browser. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

The following products prior to version 7.1 SP1 are vulnerable: Dell SonicWALL Global Management System, Dell SonicWALL Analyzer, Dell SonicWALL Universal Management Appliance E5000.

GMS is a global management system for rapid deployment and centralized management of SonicWALL infrastructure. Analyzer is a set of network analyzer software for SonicWALL infrastructure. UMA EM5000 is a set of general management equipment software.

Trust: 2.7

sources: NVD: CVE-2014-0332 // CERT/CC: VU#727318 // JVNDB: JVNDB-2014-001394 // BID: 65498 // VULHUB: VHN-67825

AFFECTED PRODUCTS

vendor: sonicwall, model: analyzer, scope: eq, version: 7.1

Trust: 1.6

vendor: sonicwall, model: analyzer, scope: eq, version: 7.0

Trust: 1.6

vendor: sonicwall, model: global management system, scope: eq, version: 7.1

Trust: 1.6

vendor: sonicwall, model: global management system, scope: eq, version: 7.0

Trust: 1.6

vendor: dell computer, model: -, scope: -, version: -

Trust: 0.8

vendor: dell, model: sonicwall analyzer, scope: lte, version: version 7.1 sp1

Trust: 0.8

vendor: dell, model: sonicwall global management system, scope: lte, version: version 7.1 sp1

Trust: 0.8

vendor: dell, model: sonicwall universal management appliance e5000 software, scope: lte, version: version 7.1 sp1

Trust: 0.8

sources: CERT/CC: VU#727318 // JVNDB: JVNDB-2014-001394 // CNNVD: CNNVD-201402-210 // NVD: CVE-2014-0332

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2014-0332
value: MEDIUM

Trust: 1.6

nvd@nist.gov: CVE-2014-0332
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-201402-210
value: MEDIUM

Trust: 0.6

VULHUB: VHN-67825
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-0332
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

NVD: CVE-2014-0332
severity: MEDIUM
baseScore: 4.3
vectorString: NONE
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-67825
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#727318 // VULHUB: VHN-67825 // JVNDB: JVNDB-2014-001394 // CNNVD: CNNVD-201402-210 // NVD: CVE-2014-0332

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 2.7

sources: CERT/CC: VU#727318 // VULHUB: VHN-67825 // JVNDB: JVNDB-2014-001394 // NVD: CVE-2014-0332

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201402-210

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201402-210

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001394

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-67825

PATCH

title: Dell SonicWALL GMS Service Bulletin for Cross-Site Scripting Vulnerability (PDF)
url: http://www.sonicwall.com/us/shared/download/Support_Bulletin_GMS_Vulnerability_XSS_Resolved_in_7.1_SP2_and_7.2.pdf

Trust: 0.8

sources: JVNDB: JVNDB-2014-001394

EXTERNAL IDS

db: CERT/CC, id: VU#727318

Trust: 3.6

db: NVD, id: CVE-2014-0332

Trust: 2.8

db: BID, id: 65498

Trust: 1.4

db: OSVDB, id: 103216

Trust: 1.1

db: JVN, id: JVNVU95736801

Trust: 0.8

db: JVNDB, id: JVNDB-2014-001394

Trust: 0.8

db: CNNVD, id: CNNVD-201402-210

Trust: 0.7

db: SECUNIA, id: 56906

Trust: 0.6

db: PACKETSTORM, id: 125180

Trust: 0.1

db: VULHUB, id: VHN-67825

Trust: 0.1

sources: CERT/CC: VU#727318 // VULHUB: VHN-67825 // BID: 65498 // JVNDB: JVNDB-2014-001394 // CNNVD: CNNVD-201402-210 // NVD: CVE-2014-0332

REFERENCES

url: http://www.sonicwall.com/us/shared/download/support_bulletin_gms_vulnerability_xss_resolved_in_7.1_sp2_and_7.2.pdf

Trust: 2.8

url: http://www.kb.cert.org/vuls/id/727318

Trust: 2.8

url: https://support.software.dell.com/product-notification/128245

Trust: 1.6

url: http://www.securityfocus.com/bid/65498

Trust: 1.1

url: http://osvdb.org/103216

Trust: 1.1

url: https://exchange.xforce.ibmcloud.com/vulnerabilities/91062

Trust: 1.1

url: http://cwe.mitre.org/data/definitions/79.html

Trust: 0.8

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0332

Trust: 0.8

url: http://jvn.jp/vu/jvnvu95736801/

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0332

Trust: 0.8

url: http://secunia.com/advisories/56906

Trust: 0.6

sources: CERT/CC: VU#727318 // VULHUB: VHN-67825 // BID: 65498 // JVNDB: JVNDB-2014-001394 // CNNVD: CNNVD-201402-210 // NVD: CVE-2014-0332

CREDITS

William Costa

Trust: 0.3

sources: BID: 65498

SOURCES

db: CERT/CC, id: VU#727318
db: VULHUB, id: VHN-67825
db: BID, id: 65498
db: JVNDB, id: JVNDB-2014-001394
db: CNNVD, id: CNNVD-201402-210
db: NVD, id: CVE-2014-0332

LAST UPDATE DATE

2024-11-23T22:42:38.394000+00:00


SOURCES UPDATE DATE

db: CERT/CC, id: VU#727318, date: 2015-09-17T00:00:00
db: VULHUB, id: VHN-67825, date: 2018-03-12T00:00:00
db: BID, id: 65498, date: 2015-03-19T09:15:00
db: JVNDB, id: JVNDB-2014-001394, date: 2014-02-20T00:00:00
db: CNNVD, id: CNNVD-201402-210, date: 2014-02-18T00:00:00
db: NVD, id: CVE-2014-0332, date: 2024-11-21T02:01:53.810

SOURCES RELEASE DATE

db: CERT/CC, id: VU#727318, date: 2014-02-11T00:00:00
db: VULHUB, id: VHN-67825, date: 2014-02-14T00:00:00
db: BID, id: 65498, date: 2014-02-11T00:00:00
db: JVNDB, id: JVNDB-2014-001394, date: 2014-02-13T00:00:00
db: CNNVD, id: CNNVD-201402-210, date: 2014-02-18T00:00:00
db: NVD, id: CVE-2014-0332, date: 2014-02-14T16:55:08.030