CVE-2009-2344

Published: Jul 7, 2009Modified: Apr 23, 2026

9.0

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Exploitability: 8.0 / Impact: 10.0

Source: NVD

Description

The web-based management interfaces in Sourcefire Defense Center (DC) and 3D Sensor before 4.8.2 allow remote authenticated users to gain privileges via a $admin value for the admin parameter in an edit action to admin/user/user.cgi and unspecified other components.

Affected (8)

Products: Sourcefire: 3d Sensor, Defense Center

2 products

Configuration A

8 vulnerable

Vulnerable Software	Affected Versions
Sourcefire 3d Sensor	Up to 4.8.1
Sourcefire 3d Sensor	Version 4.8.0.3
Sourcefire 3d Sensor	Version 4.8.0.4
Sourcefire 3d Sensor	Version 4.8
Sourcefire Defense Center	Up to 4.8.1
Sourcefire Defense Center	Version 4.8.0.3
Sourcefire Defense Center	Version 4.8.0.4
Sourcefire Defense Center	Version 4.8

Related CWEs

References (12)

http://secunia.com/advisories/35658

Source: cve@mitre.org

Vendor Advisory

http://www.exploit-db.com/exploits/9074

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/504694/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/35553

Source: cve@mitre.org

Exploit

http://www.securitytracker.com/id?1022500

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2009/1785

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/35658

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.exploit-db.com/exploits/9074

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/504694/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/35553

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.securitytracker.com/id?1022500

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2009/1785

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.