Cisco Small Business SRP500 Series Appliances Directory Traversal Vulnerability

Bugtraq ID:	52140
Class:	Input Validation Error
CVE:	CVE-2012-0365
Remote:	Yes
Local:	No
Published:	Feb 23 2012 12:00AM
Updated:	Mar 19 2015 09:18AM
Credit:	Michal Sajdak of Securitum
Vulnerable:	Cisco SRP547W 1.2.1 Cisco SRP547W 0 Cisco SRP546W 1.2.1 Cisco SRP546W 0 Cisco SRP541W 1.2.1 Cisco SRP541W 1.2.1 Cisco SRP541W 0 Cisco SRP527W-U 0 Cisco SRP527W 1.1.24 Cisco SRP527W 0 Cisco SRP526W-U 0 Cisco SRP526W 1.1.24 Cisco SRP526W 0 Cisco SRP521W-U 0 Cisco SRP521W 1.1.24 Cisco SRP521W 0
Not Vulnerable:	Cisco SRP547W 1.2.4 Cisco SRP546W 1.2.4 Cisco SRP541W 1.2.4 Cisco SRP527W-U 1.2.4 Cisco SRP527W 1.1.26 Cisco SRP526W-U 1.2.4 Cisco SRP526W 1.1.26 Cisco SRP521W-U 1.2.4 Cisco SRP521W 1.1.26

Cisco Small Business SRP500 Series Appliances Directory Traversal Vulnerability

Cisco Small Business SRP500 series appliances are prone to a directory-traversal vulnerability.

Exploiting this issue will allow an attacker to access sensitive information, including password files and system logs, and and allow installation of malicious software on the Cisco SRP 500 series device. This could help the attacker launch further attacks.

This issue is tracked by Cisco BugID CSCtw56009.

Cisco Small Business SRP500 Series Appliances Directory Traversal Vulnerability

An attacker can use readily available tools to exploit this issue.

Cisco Small Business SRP500 Series Appliances Directory Traversal Vulnerability

Solution:
Vendor updates are available. Please see the references for details.

Cisco Small Business SRP500 Series Appliances Directory Traversal Vulnerability

References:

• Cisco Small Business SRP500 Homepage (Cisco)
  
• Cisco Small Business SRP 500 Series Multiple Vulnerabilities (Cisco)