CVE-2014-9618
CVE-2014-9618
Vexday Risk Score
60Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS —EPSS 73.3%KEV nãoPoC públicaNuclei simMetasploit —Patch —
Lifecycle
21 Aug 2015Public PoC
19 Sep 2017Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
The Client Filter Admin portal in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and subsequently create arbitrary profiles via a showdeny action to the default URL.
Affected products
n/a · n/apublic PoCs found — 3
cve_referencepacketstormsecurity.com/files/133034/Netsweeper-Bypass-XSS-Redirection-SQL-Injection-Execution.htmlunverifiedcve_referencewww.exploit-db.com/exploits/37933/unverifiedexploitdbwww.exploit-db.com/exploits/37933unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.