Vulnerability CVE-2011-4005


Published: 2011-11-03   Modified: 2012-02-13

Description:
Cross-site request forgery (CSRF) vulnerability in the Services Ready Platform Configuration Utility web interface on the Cisco Small Business SRP521W, SRP526W, and SRP527W with firmware before 1.1.24 and the Small Business SRP541W, SRP546W, and SRP547W with firmware before 1.2.1 allows remote attackers to hijack the authentication of administrators for requests that execute arbitrary commands, aka Bug ID CSCtr45124.

Type: CWE-352 (Cross-Site Request Forgery (CSRF))

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score: 9.3/10
Impact Subscore: 10/10
Exploitability Subscore: 8.6/10

Exploit range: Remote
Attack complexity: Medium
Authentication: Not required

Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

Affected software:
Cisco -> Small Business SRP520 Series firmware
Cisco -> Small Business SRP540 Series firmware
Cisco -> Small Business SRP521W
Cisco -> Small Business SRP526W
Cisco -> Small Business SRP527W
Cisco -> Small Business SRP541W
Cisco -> Small Business SRP546W
Cisco -> Small Business SRP547W

References:
http://xforce.iss.net/xforce/xfdb/71103
http://www.securitytracker.com/id?1026266
http://www.securityfocus.com/bid/50495
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111102-srp500
http://secunia.com/advisories/46664

Copyright 2024, cxsecurity.com