
Cisco Small Business SRP 500 Series Multiple Vulnerabilities

cisco-sa-20120223-srp500 · Critical · Published · Updated

Cisco Small Business (SRP 500) Series Services Ready Platforms contain the following three vulnerabilities:

- Cisco SRP 500 Series Web Interface Command Injection Vulnerability
- Cisco SRP 500 Series Unauthenticated Configuration Upload Vulnerability
- Cisco SRP 500 Series Directory Traversal Vulnerability

These vulnerabilities can be exploited using sessions to the Services Ready Platform Configuration Utility web interface. These vulnerabilities could be exploited from the local LAN side of the SRP device by default configuration and the WAN side of the SRP device if remote management is enabled. Remote management is disabled by default.

Cisco has released software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available.

This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120223-srp500

Workarounds

No workaround information imported yet.

CVEs: CVE-2012-0363, CVE-2012-0364, CVE-2012-0365
Cisco Bug IDs: CSCtt46871, CSCtw55495, CSCtw56009
CVSS Score: Base 9.0
Base 9.0 AV:N/AC:L/Au:S/C:C/I:C/A:C/E:F/RL:OF/RC:C
Base 7.8 AV:N/AC:L/Au:N/C:N/I:C/A:N/E:F/RL:OF/RC:C
Product Names From Source
Cisco Small Business SRP500 Series Services Ready Platforms

CSAF Product Statuses

| Product | Status | Source | CVE | Rows |
|---|---|---|---|---|
| Cisco Small Business SRP500 Series Services Ready Platforms | known_affected | cisco_csaf | CVE-2012-0363, CVE-2012-0364, CVE-2012-0365 | 3 |
| CSAFPID-43 | known_affected | cisco_csaf | CVE-2012-0363, CVE-2012-0364, CVE-2012-0365 | 3 |

Related Products

| Product | CVE | Evidence |
|---|---|---|
| Cisco Small Business SRP500 Series Services Ready Platforms | CVE-2012-0363 | Cisco OpenVuln · family-level |
| Cisco SRP500 Services Ready Platforms | CVE-2012-0363 | Cisco OpenVuln |
| Cisco Small Business SRP500 Series Services Ready Platforms | CVE-2012-0364 | Cisco OpenVuln · family-level |
| Cisco SRP500 Services Ready Platforms | CVE-2012-0364 | Cisco OpenVuln |
| Cisco Small Business SRP500 Series Services Ready Platforms | CVE-2012-0365 | Cisco OpenVuln · family-level |
| Cisco SRP500 Services Ready Platforms | CVE-2012-0365 | Cisco OpenVuln |