CVE-2012-0363: Code Injection
First published: Sat Feb 25 2012(Updated: )
The web interface on Cisco SRP 520 series devices with firmware before 1.1.26 and SRP 520W-U and 540 series devices with firmware before 1.2.4 allows remote authenticated users to execute arbitrary commands via unspecified vectors, related to a "command injection vulnerability," aka Bug ID CSCtt46871.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Small Business SRP520-U Series Firmware | <=1.01.24 | |
| Cisco Small Business SRP520-U Series Firmware | =1.01.01 | |
| Cisco Small Business SRP520-U Series Firmware | =1.01.09 | |
| Cisco Small Business SRP520-U Series Firmware | =1.01.11 | |
| Cisco Small Business SRP520-U Series Firmware | =1.01.19 | |
| Cisco Small Business SRP520-U Series Firmware | =1.01.23 | |
| Cisco SRP521W | ||
| Cisco Small Business SRP526W/U | ||
| Cisco Small Business SRP527W | ||
| Cisco SRP520 Firmware | =1.1.0 | |
| Cisco SRP521W | ||
| Cisco Small Business SRP526W/U | ||
| Cisco Small Business SRP527W | ||
| Cisco Small Business SA540 Firmware | <=1.02.01 | |
| Cisco Small Business SA540 Firmware | =1.02.00.023 | |
| Cisco Small Business SRP541W | ||
| Cisco Small Business SRP546W | ||
| Cisco Small Business SRP547W |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2012-0363?
CVE-2012-0363 is classified as a high-severity command injection vulnerability.
How do I fix CVE-2012-0363?
To remediate CVE-2012-0363, upgrade the firmware of affected Cisco SRP devices to at least version 1.1.26 or 1.2.4.
Which devices are affected by CVE-2012-0363?
CVE-2012-0363 affects Cisco SRP 520 and 540 series devices with specific firmware versions prior to the fixed releases.
What type of attack is possible with CVE-2012-0363?
CVE-2012-0363 allows remote authenticated users to execute arbitrary commands on the affected Cisco devices.
Is CVE-2012-0363 being actively exploited?
There is no public information indicating active exploitation of CVE-2012-0363, but it remains a significant security risk.
- agent/references
- agent/weakness
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/last-modified-date
- agent/author
- agent/severity
- agent/event
- agent/first-publish-date
- agent/description
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco small business srp520-u series firmware
- version/cisco small business srp520-u series firmware/1.01.24
- version/cisco small business srp520-u series firmware/1.01.01
- version/cisco small business srp520-u series firmware/1.01.09
- version/cisco small business srp520-u series firmware/1.01.11
- version/cisco small business srp520-u series firmware/1.01.19
- version/cisco small business srp520-u series firmware/1.01.23
- canonical/cisco srp521w
- canonical/cisco small business srp526w/u
- canonical/cisco small business srp527w
- canonical/cisco srp520 firmware
- version/cisco srp520 firmware/1.1.0
- canonical/cisco small business sa540 firmware
- version/cisco small business sa540 firmware/1.02.01
- version/cisco small business sa540 firmware/1.02.00.023
- canonical/cisco small business srp541w
- canonical/cisco small business srp546w
- canonical/cisco small business srp547w