Vulnerability Details : CVE-2011-4005
Cross-site request forgery (CSRF) vulnerability in the Services Ready Platform Configuration Utility web interface on the Cisco Small Business SRP521W, SRP526W, and SRP527W with firmware before 1.1.24 and the Small Business SRP541W, SRP546W, and SRP547W with firmware before 1.2.1 allows remote attackers to hijack the authentication of administrators for requests that execute arbitrary commands, aka Bug ID CSCtr45124.
Vulnerability category: Cross-site request forgery (CSRF)
Products affected by CVE-2011-4005
- cpe:2.3:h:cisco:small_business_srp521w:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco:small_business_srp526w:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco:small_business_srp527w:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:small_business_srp520_series_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:small_business_srp520_series_firmware:1.01.19_mr3:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:small_business_srp520_series_firmware:1.01.01:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:small_business_srp520_series_firmware:1.00.06:*:*:*:*:*:*:*
- cpe:2.3:h:cisco:small_business_srp541w:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco:small_business_srp546w:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco:small_business_srp547w:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:small_business_srp540_series_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:small_business_srp540_series_firmware:1.02.00:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-4005
- EPSS score: 0.19% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~55% (the proportion of vulnerabilities scored at or below this score)
CVSS scores for CVE-2011-4005
Base Score | Base Severity | CVSS v2 Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3 | HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C | 8.6 | 10.0 | NIST | |
CWE ids for CVE-2011-4005
- The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. Assigned by: nvd@nist.gov (Primary)
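The weakness class described above, shown as an added example that is not code from the Cisco SRP firmware or from this page: a minimal Python admin handler that authenticates a state-changing POST by session cookie alone (so a form auto-submitted from an attacker's page succeeds, because the browser attaches the victim's cookie), beside a hardened handler that additionally demands a per-session synchronizer token and an Origin/Referer header naming the admin UI. The `/admin/run` path, the `cmd` and `csrf_token` parameters, the in-memory session store and the `192.0.2.1` admin address are all hypothetical.

```python
"""CWE-352 illustration: cookie-only authentication beside token + origin
checks. Added example; all endpoint names and request shapes are hypothetical."""
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import parse_qs, urlsplit

ADMIN_ORIGIN = "http://192.0.2.1"  # constructed: where the admin UI is served


@dataclass
class Session:
    user: str
    # Per-session synchronizer token; an attacker's page cannot read it.
    csrf_token: str = field(default_factory=lambda: secrets.token_hex(16))


@dataclass
class Request:
    method: str
    path: str
    cookies: dict
    headers: dict
    body: str = ""


SESSIONS: dict = {}  # session cookie value -> Session (constructed store)


def login(user: str) -> str:
    sid = secrets.token_hex(16)
    SESSIONS[sid] = Session(user)
    return sid


def csrf_token_for(sid: str) -> str:
    return SESSIONS[sid].csrf_token


def _authenticated(req: Request):
    return SESSIONS.get(req.cookies.get("sid"))


def vulnerable_run_command(req: Request, executed: list) -> int:
    """Trusts the session cookie alone. A cross-site form POST is sent with
    the victim's cookie, so it passes and the command runs."""
    session = _authenticated(req)
    if session is None or req.method != "POST":
        return 403
    executed.append(parse_qs(req.body).get("cmd", [""])[0])
    return 200


def _same_origin(req: Request) -> bool:
    """Origin (Referer as fallback) must name the admin UI itself; a request
    carrying neither header is rejected rather than assumed safe."""
    src = req.headers.get("Origin") or req.headers.get("Referer")
    if not src:
        return False
    parts = urlsplit(src)
    return f"{parts.scheme}://{parts.netloc}" == ADMIN_ORIGIN


def hardened_run_command(req: Request, executed: list) -> int:
    """Same handler with a synchronizer token (constant-time compare) and an
    origin check; either failure rejects the request."""
    session = _authenticated(req)
    if session is None or req.method != "POST":
        return 403
    params = parse_qs(req.body)
    token = params.get("csrf_token", [""])[0]
    if not hmac.compare_digest(token, session.csrf_token):
        return 403
    if not _same_origin(req):
        return 403
    executed.append(params.get("cmd", [""])[0])
    return 200


def simulate() -> dict:
    """Replays one forged and one legitimate POST against both handlers."""
    sid = login("admin")
    # Constructed: the admin's browser renders attacker.example, which
    # auto-submits a form to the device; the browser attaches the session
    # cookie (pre-SameSite behaviour) but sends the attacker's Origin.
    forged = Request("POST", "/admin/run", {"sid": sid},
                     {"Origin": "http://attacker.example"}, "cmd=reboot")
    legit = Request("POST", "/admin/run", {"sid": sid},
                    {"Origin": ADMIN_ORIGIN},
                    f"cmd=reboot&csrf_token={csrf_token_for(sid)}")
    ran_vuln, ran_hard = [], []
    return {
        "forged_vs_vulnerable": vulnerable_run_command(forged, ran_vuln),
        "forged_vs_hardened": hardened_run_command(forged, ran_hard),
        "legit_vs_hardened": hardened_run_command(legit, ran_hard),
        "executed_vulnerable": ran_vuln,
        "executed_hardened": ran_hard,
    }


if __name__ == "__main__":
    print(simulate())
```

The token check is the primary control; the origin check is defence in depth for clients that omit the token and for browsers that do send Origin on cross-site form posts. Neither replaces the other, and a missing header is treated as a failure, not a pass.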
References for CVE-2011-4005
- http://www.securityfocus.com/bid/50495 (Cisco Small Business SRP500 Series Appliances Web Interface Remote Command Injection Vulnerability)
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111102-srp500 (Cisco Small Business SRP500 Series Command Injection Vulnerability; Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/71103 (Cisco Small Business SRP500 Series Appliances command execution CVE-2011-4005 Vulnerability Report)
- http://www.securitytracker.com/id?1026266 (Cisco Small Business SRP500 Series Bug Lets Remote Users Inject Commands; SecurityTracker)