Vulnerability Details : CVE-2012-0363
The web interface on Cisco SRP 520 series devices with firmware before 1.1.26 and SRP 520W-U and 540 series devices with firmware before 1.2.4 allows remote authenticated users to execute arbitrary commands via unspecified vectors, related to a "command injection vulnerability," aka Bug ID CSCtt46871.
Products affected by CVE-2012-0363
- cpe:2.3:h:cisco:small_business_srp521w:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco:small_business_srp526w:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco:small_business_srp527w:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:small_business_srp520_series_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:small_business_srp520_series_firmware:1.01.01:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:small_business_srp520_series_firmware:1.01.23:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:small_business_srp520_series_firmware:1.01.19:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:small_business_srp520_series_firmware:1.01.11:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:small_business_srp520_series_firmware:1.01.09:*:*:*:*:*:*:*
- cpe:2.3:h:cisco:small_business_srp541w:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco:small_business_srp546w:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco:small_business_srp547w:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:small_business_srp540_series_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:small_business_srp540_series_firmware:1.02.00.023:*:*:*:*:*:*:*
- cpe:2.3:h:cisco:small_business_srp521w-u:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco:small_business_srp526w-u:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco:small_business_srp527w-u:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:small_business_srp520-u_series_firmware:1.1.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2012-0363
- 0.10%: Probability of exploitation activity in the next 30 days
- ~41%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2012-0363
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.0 | HIGH | AV:N/AC:L/Au:S/C:C/I:C/A:C | 8.0 | 10.0 | NIST | |
CWE ids for CVE-2012-0363
- The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-0363
- http://www.securitytracker.com/id?1026736
  Cisco Small Business SRP500 Series Bugs Let Remote Users Upload Files and Remote Authenticated Users Inject Commands - SecurityTracker
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120223-srp500
  Cisco Small Business SRP 500 Series Multiple Vulnerabilities (Patch; Vendor Advisory)