← back
CVE-2009-2344

CVE-2009-2344

EPSS 9.3%
The web-based management interfaces in Sourcefire Defense Center (DC) and 3D Sensor before 4.8.2 allow remote authenticated users to gain privileges via a $admin value for the admin parameter in an edit action to admin/user/user.cgi and unspecified other components.
Affected products
n/a · n/a
public PoCs found2
cve_referencewww.exploit-db.com/exploits/9074unverifiedexploitdbwww.exploit-db.com/exploits/9074unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://secunia.com/advisories/35658http://www.exploit-db.com/exploits/9074http://www.securityfocus.com/archive/1/504694/100/0/threadedhttp://www.securityfocus.com/bid/35553http://www.securitytracker.com/id?1022500http://www.vupen.com/english/advisories/2009/1785