Directory Traversal Vulnerability in Cisco SRP 500 Series Devices
CVE-2012-0365

Currently unrated

Key Information:

Vendor: Cisco
Status: Small Business Srp520 Series Firmware; Small Business Srp521w; Small Business Srp526w; Small Business Srp527w
Vendor: CVE Published:; 25 February 2012

Summary

The Local TFTP file-upload application on Cisco SRP 500 series devices contains a directory traversal vulnerability that allows remote authenticated users to upload software to arbitrary directories. This security flaw, identified in Bug ID CSCtw56009, affects devices running firmware prior to specific versions, potentially compromising the integrity of the file system. It is crucial for users to update their firmware to avoid exploitation and maintain the security of their network infrastructure.

References

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

http://www.securitytracker.com/id?1026736

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Feb 25, 2012
Vulnerability Reserved
Jan 4, 2012