CVE-2011-4005 - OpenCVE

Cross-site request forgery (CSRF) vulnerability in the Services Ready Platform Configuration Utility web interface on the Cisco Small Business SRP521W, SRP526W, and SRP527W with firmware before 1.1.24 and the Small Business SRP541W, SRP546W, and SRP547W with firmware before 1.2.1 allows remote attackers to hijack the authentication of administrators for requests that execute arbitrary commands, aka Bug ID CSCtr45124.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco	Small Business Srp520 Series Firmware Small Business Srp521w Small Business Srp526w Small Business Srp527w Small Business Srp540 Series Firmware Small Business Srp541w Small Business Srp546w Small Business Srp547w

Configuration 1 [-]

AND

OR	cpe:2.3:h:cisco:small_business_srp521w::::::::
	cpe:2.3:h:cisco:small_business_srp526w::::::::
	cpe:2.3:h:cisco:small_business_srp527w::::::::

OR	cpe:2.3:a:cisco:small_business_srp520_series_firmware::::::::
	cpe:2.3:a:cisco:small_business_srp520_series_firmware:1.00.06:::::::*
	cpe:2.3:a:cisco:small_business_srp520_series_firmware:1.01.01:::::::*
	cpe:2.3:a:cisco:small_business_srp520_series_firmware:1.01.19_mr3:::::::*

Configuration 2 [-]

AND

OR	cpe:2.3:h:cisco:small_business_srp541w::::::::
	cpe:2.3:h:cisco:small_business_srp546w::::::::
	cpe:2.3:h:cisco:small_business_srp547w::::::::

OR	cpe:2.3:a:cisco:small_business_srp540_series_firmware::::::::
	cpe:2.3:a:cisco:small_business_srp540_series_firmware:1.02.00:::::::*

No data.

References

Link	Providers
http://secunia.com/advisories/46664
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111102-srp500
http://www.securityfocus.com/bid/50495
http://www.securitytracker.com/id?1026266
https://exchange.xforce.ibmcloud.com/vulnerabilities/71103

History

No history.

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2011-11-03T10:00:00

Updated: 2024-08-06T23:53:32.630Z

Reserved: 2011-10-06T00:00:00

Link: CVE-2011-4005

Vulnrichment

No data.

NVD

Status : Modified

Published: 2011-11-03T10:55:08.700

Modified: 2017-08-29T01:30:26.507

Link: CVE-2011-4005

Redhat

No data.

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object