Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-2546

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2011-2546
Last Modified 11 Aug 2011 10:45:11
Published 28 Jul 2011 06:55:02
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-2546

Summary

SQL injection vulnerability in the web-based management interface on Cisco SA 500 series security appliances with software before 2.1.19 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCtq65669.

Vulnerable Systems

Application

  • Cisco Sa500 Software 1.0.14

  • Cisco Sa500 Software 1.0.15

  • Cisco Sa500 Software 1.0.17

  • Cisco Sa500 Software 1.0.39

  • Cisco Sa500 Software 1.1.21

  • Cisco Sa500 Software 1.1.42

  • Cisco Sa500 Software 1.1.65

  • Cisco Sa500 Software 2.1.18


References

XF - cisco-sa500-login-sql-injection(68737)

BID - 48812

CISCO - 20110720 Cisco SA 500 Series Security Appliances Web Management Interface Vulnerabilities

SECTRACK - 1025810

SECUNIA - 45355


Last Updated: 27 May 2016 10:57:02