First published: Thu Jul 28 2011
The web-based management interface on Cisco SA 500 series security appliances with software before 2.1.19 allows remote authenticated users to execute arbitrary commands via crafted parameters to web forms, aka Bug ID CSCtq65681.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Software | <=2.1.18 | |
Cisco Software | =1.0.14 | |
Cisco Software | =1.0.15 | |
Cisco Software | =1.0.17 | |
Cisco Software | =1.0.39 | |
Cisco Software | =1.1.21 | |
Cisco Software | =1.1.42 | |
Cisco Software | =1.1.65 | |
Cisco SA520W | | |
Cisco SA540 | | |
CVE-2011-2547 has a medium severity rating due to the potential for remote command execution by authenticated users.
To fix CVE-2011-2547, update your Cisco SA 500 series security appliance to software version 2.1.19 or later.
CVE-2011-2547 affects Cisco SA 500 series security appliances running software versions prior to 2.1.19.
No, CVE-2011-2547 requires remote authenticated users to exploit the vulnerability.
Due to CVE-2011-2547, crafted parameters to web forms can allow attackers to execute arbitrary commands on the affected appliance.