Информационная безопасность
[RU] switch to English


Многочисленные уязвимости безопасности в Cisco SRP 500
Опубликовано:19 марта 2012 г.
Источник:
SecurityVulns ID:12273
Тип:удаленная
Уровень опасности:
6/10
Описание:Внедрение команд, обратный путь в каталогах, несанкционированная загрузка конфигурации.
Затронутые продукты:CISCO : Cisco SRP 500
CVE:CVE-2012-0365 (Directory traversal vulnerability in the Local TFTP file-upload application on Cisco SRP 520 series devices with firmware before 1.1.26 and SRP 520W-U and 540 series devices with firmware before 1.2.4 allows remote authenticated users to upload software to arbitrary directories via unspecified vectors, aka Bug ID CSCtw56009.)
 CVE-2012-0364 (Cisco SRP 520 series devices with firmware before 1.1.26 and SRP 520W-U and 540 series devices with firmware before 1.2.4 allow remote attackers to replace the configuration file via an upload request to an unspecified URL, aka Bug ID CSCtw55495.)
 CVE-2012-0363 (The web interface on Cisco SRP 520 series devices with firmware before 1.1.26 and SRP 520W-U and 540 series devices with firmware before 1.2.4 allows remote authenticated users to execute arbitrary commands via unspecified vectors, related to a "command injection vulnerability," aka Bug ID CSCtt46871.)
Оригинальный текстdocumentCISCO, Cisco Security Advisory: Cisco Small Business SRP 500 Series Multiple Vulnerabilities (19.03.2012)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород