Lucene search

CiscoCVE-2011-4005

HistoryNov 03, 2011 - 10:55 a.m.

CVE-2011-4005

2011-11-0310:55:08

CWE-352

cisco

web.nvd.nist.gov

cve-2011-4005

csrf

cisco

srp521w

srp526w

srp527w

srp541w

srp546w

srp547w

firmware vulnerability

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

8.1

Confidence

Low

EPSS

0.002

Percentile

56.0%

JSON

Cross-site request forgery (CSRF) vulnerability in the Services Ready Platform Configuration Utility web interface on the Cisco Small Business SRP521W, SRP526W, and SRP527W with firmware before 1.1.24 and the Small Business SRP541W, SRP546W, and SRP547W with firmware before 1.2.1 allows remote attackers to hijack the authentication of administrators for requests that execute arbitrary commands, aka Bug ID CSCtr45124.

Affected configurations

Nvd

Node

ciscosmall_business_srp521w

ciscosmall_business_srp526w

ciscosmall_business_srp527w

AND

ciscosmall_business_srp520_series_firmwareRange≤1.01.23

ciscosmall_business_srp520_series_firmwareMatch1.00.06

ciscosmall_business_srp520_series_firmwareMatch1.01.01

ciscosmall_business_srp520_series_firmwareMatch1.01.19_mr3

Node

ciscosmall_business_srp541w

ciscosmall_business_srp546w

ciscosmall_business_srp547w

AND

ciscosmall_business_srp540_series_firmwareRange≤1.02.01_mr2

ciscosmall_business_srp540_series_firmwareMatch1.02.00

VendorProductVersionCPE
ciscosmall_business_srp521w*cpe:2.3:h:cisco:small_business_srp521w:*:*:*:*:*:*:*:*
ciscosmall_business_srp526w*cpe:2.3:h:cisco:small_business_srp526w:*:*:*:*:*:*:*:*
ciscosmall_business_srp527w*cpe:2.3:h:cisco:small_business_srp527w:*:*:*:*:*:*:*:*
ciscosmall_business_srp520_series_firmware*cpe:2.3:a:cisco:small_business_srp520_series_firmware:*:*:*:*:*:*:*:*
ciscosmall_business_srp520_series_firmware1.00.06cpe:2.3:a:cisco:small_business_srp520_series_firmware:1.00.06:*:*:*:*:*:*:*
ciscosmall_business_srp520_series_firmware1.01.01cpe:2.3:a:cisco:small_business_srp520_series_firmware:1.01.01:*:*:*:*:*:*:*
ciscosmall_business_srp520_series_firmware1.01.19_mr3cpe:2.3:a:cisco:small_business_srp520_series_firmware:1.01.19_mr3:*:*:*:*:*:*:*
ciscosmall_business_srp541w*cpe:2.3:h:cisco:small_business_srp541w:*:*:*:*:*:*:*:*
ciscosmall_business_srp546w*cpe:2.3:h:cisco:small_business_srp546w:*:*:*:*:*:*:*:*
ciscosmall_business_srp547w*cpe:2.3:h:cisco:small_business_srp547w:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	small_business_srp521w	*	cpe:2.3:h:cisco:small_business_srp521w::::::::
cisco	small_business_srp526w	*	cpe:2.3:h:cisco:small_business_srp526w::::::::
cisco	small_business_srp527w	*	cpe:2.3:h:cisco:small_business_srp527w::::::::
cisco	small_business_srp520_series_firmware	*	cpe:2.3:a:cisco:small_business_srp520_series_firmware::::::::
cisco	small_business_srp520_series_firmware	1.00.06	cpe:2.3:a:cisco:small_business_srp520_series_firmware:1.00.06:::::::*
cisco	small_business_srp520_series_firmware	1.01.01	cpe:2.3:a:cisco:small_business_srp520_series_firmware:1.01.01:::::::*
cisco	small_business_srp520_series_firmware	1.01.19_mr3	cpe:2.3:a:cisco:small_business_srp520_series_firmware:1.01.19_mr3:::::::*
cisco	small_business_srp541w	*	cpe:2.3:h:cisco:small_business_srp541w::::::::
cisco	small_business_srp546w	*	cpe:2.3:h:cisco:small_business_srp546w::::::::
cisco	small_business_srp547w	*	cpe:2.3:h:cisco:small_business_srp547w::::::::

Rows per page:

1-10 of 121

References

secunia.com/advisories/46664

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111102-srp500

www.securityfocus.com/bid/50495

www.securitytracker.com/id?1026266

exchange.xforce.ibmcloud.com/vulnerabilities/71103

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

8.1

Confidence

Low

EPSS

0.002

Percentile

56.0%

JSON

Related for CVE-2011-4005