Arbitrary User Account Creation with Administrator Privileges in Plixer International Scrutinizer NetFlow & sFlow Analyzer

Arbitrary User Account Creation with Administrator Privileges in Plixer International Scrutinizer NetFlow & sFlow Analyzer

CVE-2012-1258 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

cgi-bin/userprefs.cgi in Plixer International Scrutinizer NetFlow & sFlow Analyzer before 9.0.1.19899 does not validate user permissions, which allow remote attackers to add user accounts with administrator privileges via the newuser, pwd, and selectedUserGroup parameters.

Learn more about our User Device Pen Test.