Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-2547

Overview

Vulnerability Score 9.0 9.0
CVE Id CVE-2011-2547
Last Modified 11 Aug 2011 10:45:11
Published 28 Jul 2011 06:55:02
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2011-2547

Summary

The web-based management interface on Cisco SA 500 series security appliances with software before 2.1.19 allows remote authenticated users to execute arbitrary commands via crafted parameters to web forms, aka Bug ID CSCtq65681.

Vulnerable Systems

Application

  • Cisco Sa500 Software 1.0.14

  • Cisco Sa500 Software 1.0.15

  • Cisco Sa500 Software 1.0.17

  • Cisco Sa500 Software 1.0.39

  • Cisco Sa500 Software 1.1.21

  • Cisco Sa500 Software 1.1.42

  • Cisco Sa500 Software 1.1.65

  • Cisco Sa500 Software 2.1.18


References

XF - cisco-sa500-interface-command-exec(68738)

BID - 48810

CISCO - 20110720 Cisco SA 500 Series Security Appliances Web Management Interface Vulnerabilities

SECTRACK - 1025810

SECUNIA - 45355


Last Updated: 27 May 2016 10:57:02