PT-2020-7180 · Plixer International · Scrutinizer Netflow & Sflow Analyzer
Tanya Secker · Published 2020-01-09 · Updated 2020-01-22
CVE-2012-1258
CVSS v2.0: 4.0 (Medium)
Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
Plixer International Scrutinizer NetFlow & sFlow Analyzer versions prior to 9.0.1.19899
Description
The issue concerns a lack of user permission validation in the cgi-bin/userprefs.cgi component. This allows remote attackers to create new user accounts with administrator privileges by exploiting the newuser, pwd, and selectedUserGroup parameters.
Recommendations
For versions prior to 9.0.1.19899, update to version 9.0.1.19899 or later to resolve the issue. As a temporary workaround, consider restricting access to the cgi-bin/userprefs.cgi component to prevent unauthorized account creation.
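While the update is pending, web access logs can be reviewed for requests to the affected component. The following is an added example, not part of the advisory or of Plixer's code. It assumes an Apache-style access log and that the parameters may appear in the query string; the function name and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Path and parameter names come from the advisory; everything else is assumed.
TARGET = "/cgi-bin/userprefs.cgi"
WATCHED = {"newuser", "pwd", "selectedUserGroup"}

# Assumed log layout: ip ident user [time] "METHOD target PROTO" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def find_account_creation_requests(lines):
    """Return one finding per userprefs.cgi request that warrants review."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not an access-log line in the assumed layout
        url = urlsplit(m["target"])
        if not unquote(url.path).lower().endswith(TARGET):
            continue
        # parse_qs percent-decodes names, so encoded parameter names still match.
        params = parse_qs(url.query, keep_blank_values=True)
        if WATCHED.issubset(params):
            reason = "all three account-creation parameters in query string"
        elif m["method"] == "POST":
            # Access logs do not record request bodies, so this needs a manual look.
            reason = "POST to userprefs.cgi; body not logged, review manually"
        else:
            continue  # e.g. an ordinary preferences page view
        findings.append({"ip": m["ip"], "time": m["time"],
                         "status": int(m["status"]), "reason": reason})
    return findings

# Constructed sample lines (documentation address ranges, placeholder values).
SAMPLE = [
    '192.0.2.10 - - [09/Jan/2020:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '198.51.100.7 - - [09/Jan/2020:10:02:13 +0000] "GET /cgi-bin/userprefs.cgi?newuser=PLACEHOLDER&pwd=PLACEHOLDER&selectedUserGroup=PLACEHOLDER HTTP/1.1" 200 87',
    '198.51.100.7 - - [09/Jan/2020:10:02:40 +0000] "GET /cgi-bin/userprefs.cgi?new%75ser=PLACEHOLDER&pwd=PLACEHOLDER&selectedUserGroup=PLACEHOLDER HTTP/1.1" 200 87',
    '203.0.113.5 - - [09/Jan/2020:10:05:00 +0000] "POST /cgi-bin/userprefs.cgi HTTP/1.1" 200 90',
    '192.0.2.10 - - [09/Jan/2020:10:06:00 +0000] "GET /cgi-bin/userprefs.cgi?theme=PLACEHOLDER HTTP/1.1" 200 40',
]

if __name__ == "__main__":
    for finding in find_account_creation_requests(SAMPLE):
        print(finding)
```

Each finding should be compared against the list of accounts in the administrator group and against known administrator source addresses.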
Exploit
Fix
Improper Authentication
Weakness Enumeration
Related Identifiers
Affected Products
Scrutinizer Netflow & Sflow Analyzer