CVE-2014-2589

Name of the Vulnerable Software and Affected Versions SonicWall Network Security Appliance (NSA) 2400

Description The issue is related to a cross-site scripting (XSS) vulnerability in the Dashboard Backend service, specifically in the stats/dashboard.jsp component. This vulnerability allows remote attackers to inject arbitrary web script or HTML via the sn parameter.

Recommendations For SonicWall Network Security Appliance (NSA) 2400, as a temporary workaround, consider restricting access to the stats/dashboard.jsp component until a patch is available. Avoid using the sn parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.