Remote Command Execution in Cisco SA 500 Series Security Appliances
CVE-2011-2547

Currently unrated

Key Information:

Vendor: Cisco
Status: Sa500 Software; Sa520; Sa520w; Sa540
Vendor: CVE Published:; 28 July 2011

Summary

The web management interface of Cisco SA 500 series security appliances, prior to version 2.1.19, is susceptible to a vulnerability that enables remote authenticated users to execute arbitrary commands. This security flaw arises from improper handling of parameters in web forms, allowing attackers to manipulate the interface to perform unauthorized actions. Organizations utilizing affected versions should prioritize upgrading to mitigate potential risks associated with this vulnerability.

References

http://secunia.com/advisories/45355

third-party-advisoryx_refsource_SECUNIA

https://exchange.xforce.ibmcloud.com/vulnerabilities/68738

vdb-entryx_refsource_XF

http://www.cisco.com/en/US/products/products_security_adv...

vendor-advisoryx_refsource_CISCO

Timeline

Vulnerability published
Jul 28, 2011
Vulnerability Reserved
Jun 27, 2011