Vulnerability Details : CVE-2011-1646
The web management interface on the Cisco RVS4000 Gigabit Security Router with software 1.x before 1.3.3.4 and 2.x before 2.0.2.7, and the WRVS4400N Gigabit Security Router with software before 2.0.2.1, allows remote authenticated users to execute arbitrary commands via the (1) ping test parameter or (2) traceroute test parameter, aka Bug ID CSCtn23871.
Products affected by CVE-2011-1646
- cpe:2.3:h:cisco:rvs4000:2:*:*:*:*:*:*:*
- cpe:2.3:h:cisco:rvs4000:1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:rvs4000_software:2.0.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:rvs4000_software:1.3.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:rvs4000_software:1.3.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:rvs4000_software:1.3.0.5:*:*:*:*:*:*:*
- cpe:2.3:h:cisco:wrvs4400n:1.1:*:*:*:*:*:*:*
- cpe:2.3:h:cisco:wrvs4400n:2:*:*:*:*:*:*:*
- cpe:2.3:h:cisco:wrvs4400n:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:wrvs4400n_software:1.3.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:wrvs4400n_software:1.3.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:wrvs4400n_software:2.0.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:wrvs4400n_software:1.3.1.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-1646
- 0.23%: Probability of exploitation activity in the next 30 days
- ~60%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2011-1646
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.0 | HIGH | AV:N/AC:L/Au:S/C:C/I:C/A:C | 8.0 | 10.0 | NIST | |
CWE ids for CVE-2011-1646
- The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-1646
- http://www.securitytracker.com/id?1025565
  Cisco Gigabit Security Router Bugs Let Remote Users Obtain Information and Execute Arbitrary Code - SecurityTracker
- http://www.cisco.com/en/US/products/products_security_advisory09186a0080b7f190.shtml
  Cisco RVS4000 and WRVS4400N Web Management Interface Vulnerabilities - Cisco (Vendor Advisory)