Vulnerability CVE-2011-2547
Published: 2011-07-28   Modified: 2012-02-13

Description:
The web-based management interface on Cisco SA 500 series security appliances with software before 2.1.19 allows remote authenticated users to execute arbitrary commands via crafted parameters to web forms, aka Bug ID CSCtq65681.

CVSS2 => (AV:N/AC:L/Au:S/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
9/10
10/10
8/10
Exploit range
Attack complexity
Authentication
Remote
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Cisco -> Sa500 software 
Cisco -> Sa520 
Cisco -> Sa520w 
Cisco -> Sa540 

 References:
http://securitytracker.com/id?1025810
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8915e.shtml
http://www.securityfocus.com/bid/48810
https://exchange.xforce.ibmcloud.com/vulnerabilities/68738
Copyright 2024, cxsecurity.com

 

Back to Top