CVE-2014-9618

CRITICAL NUCLEI

Netsweeper <3.1.10, <4.0.9, <4.1.2 - Auth Bypass

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-9618. PoCs published by Anastasios Monachos. A Nuclei detection template is also available.

AI-analyzed exploit summary: This is a writeup describing an authentication bypass vulnerability in Netsweeper 4.0.8. The exploit involves manipulating the 'action' parameter to bypass authentication and create a new profile without credentials.

Description

The Client Filter Admin portal in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and subsequently create arbitrary profiles via a showdeny action to the default URL.

Exploits (1)

exploitdb WRITEUP
by Anastasios Monachos · text · webapps · php
https://www.exploit-db.com/exploits/37933

Classification: Writeup 100%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Netsweeper 4.0.8
No auth needed
Prerequisites: Access to the Netsweeper web admin interface
devstral-2 · analyzed Feb 16, 2026

Nuclei Templates (1)

Netsweeper - Authentication Bypass
CRITICAL · by daffainfo

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/37933/

Scores

CVSS v3 9.8
EPSS 0.6817
EPSS Percentile 98.6%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-287
Status: published
Products (12)
netsweeper/netsweeper 4.0.0
netsweeper/netsweeper 4.0.1
netsweeper/netsweeper 4.0.2
netsweeper/netsweeper 4.0.3
netsweeper/netsweeper 4.0.4
netsweeper/netsweeper 4.0.5
netsweeper/netsweeper 4.0.6
netsweeper/netsweeper 4.0.7
netsweeper/netsweeper 4.0.8
netsweeper/netsweeper 4.1.0
... and 2 more
Published Sep 19, 2017
Tracked Since Feb 18, 2026