CVE-2012-0364
high
CVSS v3
—
CVSS v2
7.8
VIR risk
7.8
Description
Cisco SRP 520 series devices with firmware before 1.1.26 and SRP 520W-U and 540 series devices with firmware before 1.2.4 allow remote attackers to replace the configuration file via an upload request to an unspecified URL, aka Bug ID CSCtw55495.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: psirt@cisco.com — http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120223-srp500
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| cisco | small_business_srp520_series_firmware | {"endIncluding":"1.01.24"} | |
| cisco | small_business_srp520_series_firmware | 1.01.01 | |
| cisco | small_business_srp520_series_firmware | 1.01.09 | |
| cisco | small_business_srp520_series_firmware | 1.01.11 | |
| cisco | small_business_srp520_series_firmware | 1.01.19 | |
| cisco | small_business_srp520_series_firmware | 1.01.23 | |
| cisco | small_business_srp520-u_series_firmware | 1.1.0 | |
| cisco | small_business_srp540_series_firmware | {"endIncluding":"1.02.01"} | |
| cisco | small_business_srp540_series_firmware | 1.02.00.023 | |
References
CWEs
CWE-264
Verify integrity in audit chain (admin only). AS-IS.