CVE-2009-2344 - Vulnerability Details - OpenCVE

The web-based management interfaces in Sourcefire Defense Center (DC) and 3D Sensor before 4.8.2 allow remote authenticated users to gain privileges via a $admin value for the admin parameter in an edit action to admin/user/user.cgi and unspecified other components.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Sourcefire	3d Sensor Defense Center

Configuration 1 [-]

OR	cpe:2.3:h:sourcefire:3d_sensor::::::::
	cpe:2.3:h:sourcefire:3d_sensor:4.8:::::::*
	cpe:2.3:h:sourcefire:3d_sensor:4.8.0.3:::::::*
	cpe:2.3:h:sourcefire:3d_sensor:4.8.0.4:::::::*
	cpe:2.3:h:sourcefire:defense_center::::::::
	cpe:2.3:h:sourcefire:defense_center:4.8:::::::*
	cpe:2.3:h:sourcefire:defense_center:4.8.0.3:::::::*
	cpe:2.3:h:sourcefire:defense_center:4.8.0.4:::::::*

No data.

References

Link	Providers
http://secunia.com/advisories/35658
http://www.exploit-db.com/exploits/9074
http://www.securityfocus.com/archive/1/504694/100/0/threaded
http://www.securityfocus.com/bid/35553
http://www.securitytracker.com/id?1022500
http://www.vupen.com/english/advisories/2009/1785

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2009-07-07T19:00:00

Updated: 2024-08-07T05:44:55.955Z

Reserved: 2009-07-07T00:00:00

Link: CVE-2009-2344

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2009-07-07T19:30:00.297

Modified: 2025-04-09T00:30:58.490

Link: CVE-2009-2344

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-07-02T00:00:00", "descriptions": [{"lang": "en", "value": "The web-based management interfaces in Sourcefire Defense Center (DC) and 3D Sensor before 4.8.2 allow remote authenticated users to gain privileges via a $admin value for the admin parameter in an edit action to admin/user/user.cgi and unspecified other components."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-10T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "35658", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/35658"}, {"name": "1022500", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1022500"}, {"name": "9074", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "http://www.exploit-db.com/exploits/9074"}, {"name": "20090701 Sourcefire 3D Sensor and DC, privilege escalation vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/504694/100/0/threaded"}, {"name": "ADV-2009-1785", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/1785"}, {"name": "35553", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/35553"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-2344", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The web-based management interfaces in Sourcefire Defense Center (DC) and 3D Sensor before 4.8.2 allow remote authenticated users to gain privileges via a $admin value for the admin parameter in an edit action to admin/user/user.cgi and unspecified other components."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "35658", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35658"}, {"name": "1022500", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1022500"}, {"name": "9074", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/9074"}, {"name": "20090701 Sourcefire 3D Sensor and DC, privilege escalation vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/504694/100/0/threaded"}, {"name": "ADV-2009-1785", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/1785"}, {"name": "35553", "refsource": "BID", "url": "http://www.securityfocus.com/bid/35553"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T05:44:55.955Z"}, "title": "CVE Program Container", "references": [{"name": "35658", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/35658"}, {"name": "1022500", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1022500"}, {"name": "9074", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "http://www.exploit-db.com/exploits/9074"}, {"name": "20090701 Sourcefire 3D Sensor and DC, privilege escalation vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/504694/100/0/threaded"}, {"name": "ADV-2009-1785", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2009/1785"}, {"name": "35553", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/35553"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-2344", "datePublished": "2009-07-07T19:00:00", "dateReserved": "2009-07-07T00:00:00", "dateUpdated": "2024-08-07T05:44:55.955Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:sourcefire:3d_sensor:*:*:*:*:*:*:*:*", "matchCriteriaId": "7F78FF4A-7E52-48AC-BA6C-134A2CF16E4C", "versionEndIncluding": "4.8.1", "vulnerable": true}, {"criteria": "cpe:2.3:h:sourcefire:3d_sensor:4.8:*:*:*:*:*:*:*", "matchCriteriaId": "B8C912A2-516B-4812-9202-015A181D2768", "vulnerable": true}, {"criteria": "cpe:2.3:h:sourcefire:3d_sensor:4.8.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "C8573E9A-5F6A-4A31-AC29-47A5021AECF0", "vulnerable": true}, {"criteria": "cpe:2.3:h:sourcefire:3d_sensor:4.8.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "997B953B-7DCC-4707-8BEE-95218461864D", "vulnerable": true}, {"criteria": "cpe:2.3:h:sourcefire:defense_center:*:*:*:*:*:*:*:*", "matchCriteriaId": "D2902AF6-3F68-4FC7-8012-64BD406367FA", "versionEndIncluding": "4.8.1", "vulnerable": true}, {"criteria": "cpe:2.3:h:sourcefire:defense_center:4.8:*:*:*:*:*:*:*", "matchCriteriaId": "981AB37C-4308-4339-A024-583CB09D9703", "vulnerable": true}, {"criteria": "cpe:2.3:h:sourcefire:defense_center:4.8.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "FC3E2566-A460-4D7E-9991-B026B407F600", "vulnerable": true}, {"criteria": "cpe:2.3:h:sourcefire:defense_center:4.8.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "64DBAB25-4691-4225-9AA4-66E93F31A93B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The web-based management interfaces in Sourcefire Defense Center (DC) and 3D Sensor before 4.8.2 allow remote authenticated users to gain privileges via a $admin value for the admin parameter in an edit action to admin/user/user.cgi and unspecified other components."}, {"lang": "es", "value": "La interfaz de administraci\u00f3n web en Sourcefire Defense Center (DC) y 3D Sensor anteriores a v4.8.2 permiten a usuarios autentificarse para obtener privilegios a trav\u00e9s de un valor $admin para los parametros de administraci\u00f3n en una acci\u00f3n de edici\u00f3n de admin/user/user.cgi y otros componentes no especificados."}], "id": "CVE-2009-2344", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-07-07T19:30:00.297", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/35658"}, {"source": "cve@mitre.org", "url": "http://www.exploit-db.com/exploits/9074"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/504694/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/35553"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1022500"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2009/1785"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/35658"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.exploit-db.com/exploits/9074"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/504694/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/35553"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1022500"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2009/1785"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}