Vulnerability Details : CVE-2011-2547
The web-based management interface on Cisco SA 500 series security appliances with software before 2.1.19 allows remote authenticated users to execute arbitrary commands via crafted parameters to web forms, aka Bug ID CSCtq65681.
Products affected by CVE-2011-2547
- cpe:2.3:a:cisco:sa500_software:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:sa500_software:1.1.65:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:sa500_software:1.1.42:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:sa500_software:1.0.17:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:sa500_software:1.0.15:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:sa500_software:1.0.14:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:sa500_software:1.1.21:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:sa500_software:1.0.39:*:*:*:*:*:*:*
- cpe:2.3:h:cisco:sa520w:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco:sa540:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco:sa520:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-2547
0.37%: probability of exploitation activity in the next 30 days
~69%: percentile, the proportion of vulnerabilities that are scored at or below this score
CVSS scores for CVE-2011-2547
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.0 | HIGH | AV:N/AC:L/Au:S/C:C/I:C/A:C | 8.0 | 10.0 | NIST | |
CWE ids for CVE-2011-2547
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-2547
- http://securitytracker.com/id?1025810
  Cisco SA500 Series Security Appliance Lets Remote Users Inject SQL Commands and Remote Authenticated Users Gain Root Privileges - SecurityTracker
- http://www.securityfocus.com/bid/48810
  Cisco SA 500 Series Appliances Web Management Interface Remote Command Injection Vulnerability
- https://exchange.xforce.ibmcloud.com/vulnerabilities/68738
  Cisco SA 500 Series Security Appliances interface command execution CVE-2011-2547 Vulnerability Report
- http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8915e.shtml
  Cisco SA 500 Series Security Appliances Web Management Interface Vulnerabilities - Cisco (Vendor Advisory)