Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-1646

Overview

Vulnerability Score 9.0 9.0
CVE Id CVE-2011-1646
Last Modified 06 Sep 2011 11:16:18
Published 31 May 2011 04:55:02
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2011-1646

Summary

The web management interface on the Cisco RVS4000 Gigabit Security Router with software 1.x before 1.3.3.4 and 2.x before 2.0.2.7, and the WRVS4400N Gigabit Security Router with software before 2.0.2.1, allows remote authenticated users to execute arbitrary commands via the (1) ping test parameter or (2) traceroute test parameter, aka Bug ID CSCtn23871.

Vulnerable Systems

Application

  • Cisco Rvs4000 Software 1.3.0.5

  • Cisco Rvs4000 Software 1.3.1.0

  • Cisco Rvs4000 Software 1.3.2.0

  • Cisco Rvs4000 Software 2.0.0.3

  • Cisco Wrvs4400n Software 1.3.0.5

  • Cisco Wrvs4400n Software 1.3.1.0

  • Cisco Wrvs4400n Software 1.3.2.0

  • Cisco Wrvs4400n Software 2.0.0.3


References

SECTRACK - 1025565

CISCO - 20110525 Cisco RVS4000 and WRVS4400N Web Management Interface Vulnerabilities


Last Updated: 27 May 2016 10:56:23