CVE-2014-9618

CRITICAL NUCLEI

Netsweeper <3.1.10, <4.0.9, <4.1.2 - Auth Bypass

Title source: llm

Description

The Client Filter Admin portal in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and subsequently create arbitrary profiles via a showdeny action to the default URL.

Exploits (1)

exploitdb WRITEUP

by Anastasios Monachos · textwebappsphp

https://www.exploit-db.com/exploits/37933

View Code ZIP pw:eip

Nuclei Templates (1)

Netsweeper - Authentication Bypass

CRITICALby daffainfo

References (2)

[Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/133034/Netsweeper-Bypass-XSS-Redirection-SQL-Injection-Execution.html

[Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/37933/

Scores

CVSS v3 9.8

EPSS 0.6817

EPSS Percentile 98.6%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-287

Status published

Products (12)

netsweeper/netsweeper 4.0.0

netsweeper/netsweeper 4.0.1

netsweeper/netsweeper 4.0.2

netsweeper/netsweeper 4.0.3

netsweeper/netsweeper 4.0.4

netsweeper/netsweeper 4.0.5

netsweeper/netsweeper 4.0.6

netsweeper/netsweeper 4.0.7

netsweeper/netsweeper 4.0.8

netsweeper/netsweeper 4.1.0

... and 2 more

Published Sep 19, 2017

Tracked Since Feb 18, 2026