Cisco Small Business SRP500 Series Appliances Unauthorized Access Security Bypass Vulnerability

Bugtraq ID:	52139
Class:	Access Validation Error
CVE:	CVE-2012-0364
Remote:	Yes
Local:	No
Published:	Feb 23 2012 12:00AM
Updated:	Feb 23 2012 12:00AM
Credit:	Michal Sajdak of Securitum.
Vulnerable:	Cisco SRP547W 0 Cisco SRP546W 0 Cisco SRP541W 0 Cisco SRP527W-U 0 Cisco SRP527W 0 Cisco SRP526W-U 0 Cisco SRP526W 0 Cisco SRP521W-U 0 Cisco SRP521W 0
Not Vulnerable:	Cisco SRP547W 1.2.4 Cisco SRP546W 1.2.4 Cisco SRP541W 1.2.4 Cisco SRP527W-U 1.2.4 Cisco SRP527W 1.1.26 Cisco SRP526W-U 1.2.4 Cisco SRP526W 1.1.26 Cisco SRP521W-U 1.2.4 Cisco SRP521W 1.1.26

Cisco Small Business SRP500 Series Appliances Unauthorized Access Security Bypass Vulnerability

Cisco Small Business SRP500 series appliances are prone to a security-bypass vulnerability because they allow attackers to gain unauthorized access to the device.

This issue is being tracked by Cisco Bug ID CSCtw55495.

An unauthenticated attacker can exploit this issue to upload a specially crafted configuration file to the affected device, thereby aiding in further attacks.

Cisco Small Business SRP500 Series Appliances Unauthorized Access Security Bypass Vulnerability

Attackers can exploit this issue using a browser.

Cisco Small Business SRP500 Series Appliances Unauthorized Access Security Bypass Vulnerability

Solution:
Updates are available. Please see the reference for more details.

Cisco Small Business SRP500 Series Appliances Unauthorized Access Security Bypass Vulnerability

References:

• Cisco Homepage (Cisco )
  
• Cisco Small Business SRP500 Homepage (Cisco)
  
• Cisco Small Business SRP 500 Series Multiple Vulnerabilities (Cisco)