Release date:
Updated on:
Affected Systems:
Cisco Small Business SRP500 series SRP547W 0
Cisco Small Business SRP500 series SRP546W 0
Cisco Small Business SRP500 series SRP541W 0
Cisco Small Business SRP500 series SRP527W-U 0
Cisco Small Business SRP500 series SRP527W 0
Cisco Small Business SRP500 series SRP526W-U 0
Cisco Small Business SRP500 series SRP526W 0
Cisco Small Business SRP500 series SRP521W-U 0
Cisco Small Business SRP500 series SRP521W 0
Unaffected Systems:
Cisco Small Business SRP500 series SRP547W 1.2.4
Cisco Small Business SRP500 series SRP546W 1.2.4
Cisco Small Business SRP500 series SRP541W 1.2.4
Cisco Small Business SRP500 series SRP527W-U 1.2.4
Cisco Small Business SRP500 series SRP527W 1.1.26
Cisco Small Business SRP500 series SRP526W-U 1.2.4
Cisco Small Business SRP500 series SRP526W 1.1.26
Cisco Small Business SRP500 series SRP521W-U 1.2.4
Cisco Small Business SRP500 series SRP521W 1.1.26
Description:
--------------------------------------------------------------------------------
Bugtraq ID: 52141
CVE ID: CVE-2012-0363
Cisco SRP 500 series devices are equipment that service providers use to create, configure, and deploy services for customers.
A remote command injection vulnerability exists in the implementation of Cisco SRP 500 series devices. An attacker who intercepts an authentication session through a man-in-the-middle attack can exploit it to execute system commands.
<* Source: Michal Sajdak (michal.sajdak@securitum.pl)
Link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120223-srp500
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Cisco
-----
Cisco has released a security advisory (cisco-sa-20120223-srp500) and patches for this vulnerability:
cisco-sa-20120223-srp500: Cisco Small Business SRP 500 Series Multiple Vulnerabilities
Link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120223-srp500