SQL Injection Vulnerability in Cisco SA 500 Series Security Appliances
CVE-2011-2546

Currently unrated

Key Information:

Vendor
Cisco
Status
Sa500 Software
Sa520
Sa520w
Sa540
Vendor
CVE Published:
28 July 2011

Summary

An SQL injection vulnerability exists in the web-based management interface of Cisco SA 500 series security appliances. This flaw allows remote attackers to execute arbitrary SQL commands through unspecified vectors, potentially compromising the security of the device and the data it manages. Cisco has provided an advisory regarding this issue and recommends upgrading to a patched version of the software to mitigate the vulnerability.

References

http://secunia.com/advisories/45355
third-party-advisoryx_refsource_SECUNIA
http://www.cisco.com/en/US/products/products_security_adv...
vendor-advisoryx_refsource_CISCO
http://securitytracker.com/id?1025810
vdb-entryx_refsource_SECTRACK

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.