9.3
CVE-2011-4005
- EPSS 0.23%
- Published 03.11.2011 10:55:08
- Last modified 11.04.2025 00:51:21
- Source psirt@cisco.com
Cross-site request forgery (CSRF) vulnerability in the Services Ready Platform Configuration Utility web interface on the Cisco Small Business SRP521W, SRP526W, and SRP527W with firmware before 1.1.24 and the Small Business SRP541W, SRP546W, and SRP547W with firmware before 1.2.1 allows remote attackers to hijack the authentication of administrators for requests that execute arbitrary commands, aka Bug ID CSCtr45124.
Data provided by the National Vulnerability Database (NVD)
Cisco ≫ Small Business Srp520 Series Firmware Version <= 1.01.23
Cisco ≫ Small Business Srp520 Series Firmware Version 1.00.06
Cisco ≫ Small Business Srp520 Series Firmware Version 1.01.01
Cisco ≫ Small Business Srp520 Series Firmware Version 1.01.19_mr3
Cisco ≫ Small Business Srp540 Series Firmware Version <= 1.02.01_mr2
Cisco ≫ Small Business Srp540 Series Firmware Version 1.02.00
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.23% | 0.453 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.3 | 8.6 | 10 | AV:N/AC:M/Au:N/C:C/I:C/A:C |
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.