CVE-2014-9610

MEDIUM

Netsweeper <3.1.10, <4.0.9, <4.1.2 - Auth Bypass


Description

Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and remove IP addresses from the quarantine via the ip parameter to webadmin/user/quarantine_disable.php.

Exploits (1)

exploitdb WRITEUP
by Anastasios Monachos · text · webapps · php
https://www.exploit-db.com/exploits/37929

References (2)

Core References
Third Party Advisory, VDB Entry, exploit, x_refsource_exploit-db
https://www.exploit-db.com/exploits/37929/

Scores

CVSS v3 5.3
EPSS 0.1336
EPSS Percentile 94.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Details

CWE
CWE-264
Status published
Products (12)
netsweeper/netsweeper 4.0.0
netsweeper/netsweeper 4.0.1
netsweeper/netsweeper 4.0.2
netsweeper/netsweeper 4.0.3
netsweeper/netsweeper 4.0.4
netsweeper/netsweeper 4.0.5
netsweeper/netsweeper 4.0.6
netsweeper/netsweeper 4.0.7
netsweeper/netsweeper 4.0.8
netsweeper/netsweeper 4.1.0
... and 2 more
Published Sep 19, 2017
Tracked Since Feb 18, 2026