Cisco Small Business SRP500 Series Web Interface CVE-2012-0363 Command Injection Vulnerability

Bugtraq ID:	52141
Class:	Design Error
CVE:	CVE-2012-0363
Remote:	Yes
Local:	No
Published:	Feb 23 2012 12:00AM
Updated:	Feb 23 2012 12:00AM
Credit:	Michal Sajdak of Securitum
Vulnerable:	Cisco SRP547W 0 Cisco SRP546W 0 Cisco SRP541W 0 Cisco SRP527W-U 0 Cisco SRP527W 0 Cisco SRP526W-U 0 Cisco SRP526W 0 Cisco SRP521W-U 0 Cisco SRP521W 0
Not Vulnerable:	Cisco SRP547W 1.2.4 Cisco SRP546W 1.2.4 Cisco SRP541W 1.2.4 Cisco SRP527W-U 1.2.4 Cisco SRP527W 1.1.26 Cisco SRP526W-U 1.2.4 Cisco SRP526W 1.1.26 Cisco SRP521W-U 1.2.4 Cisco SRP521W 1.1.26

Cisco Small Business SRP500 Series Web Interface CVE-2012-0363 Command Injection Vulnerability

Cisco Small Business SRP500 series appliances are prone to a remote command-injection vulnerability.

Successful exploits will result in the execution of operating system commands in the context of the root user. This may facilitate a complete compromise of an affected computer.

This issue is being tracked by Cisco bug ID CSCtt46871.

Cisco Small Business SRP500 Series Web Interface CVE-2012-0363 Command Injection Vulnerability

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Cisco Small Business SRP500 Series Web Interface CVE-2012-0363 Command Injection Vulnerability

Solution:
Updates are available. Please see the references for more information.

Cisco Small Business SRP500 Series Web Interface CVE-2012-0363 Command Injection Vulnerability

References:

• Cisco Small Business SRP500 Homepage (Cisco)
  
• Cisco Small Business SRP 500 Series Multiple Vulnerabilities (Cisco)