cbcvebase.
CVE-2014-9610
published 2017-09-19

CVE-2014-9610: Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and remove IP addresses from the…

PriorityP345medium5.3CVSS 3.0
AVNACLPRNUINSUCNILAN
EXPLOIT
EPSS
3.73%
88.5th percentile
Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and remove IP addresses from the quarantine via the ip parameter to webadmin/user/quarantine_disable.php.

Affected

12 ranges
VendorProductVersion rangeFixed in
netsweepernetsweeper<= 3.1.9
netsweepernetsweeper
netsweepernetsweeper
netsweepernetsweeper
netsweepernetsweeper
netsweepernetsweeper
netsweepernetsweeper
netsweepernetsweeper
netsweepernetsweeper
netsweepernetsweeper
netsweepernetsweeper
netsweepernetsweeper

CVSS provenance

nvdv3.05.3MEDIUMCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:P/A:N
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.