[email protected]CVE-2012-0365

HistoryFeb 25, 2012 - 4:21 a.m.

CVE-2012-0365

2012-02-2504:21:00

CWE-22

[email protected]

web.nvd.nist.gov

cve-2012-0365

directory traversal

local tftp file-upload

cisco srp 520

firmware

software vulnerability

remote authenticated users

bug id csctw56009

6.8 Medium

AI Score

Confidence

Low

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.002 Low

EPSS

Percentile

58.9%

JSON

Directory traversal vulnerability in the Local TFTP file-upload application on Cisco SRP 520 series devices with firmware before 1.1.26 and SRP 520W-U and 540 series devices with firmware before 1.2.4 allows remote authenticated users to upload software to arbitrary directories via unspecified vectors, aka Bug ID CSCtw56009.

CPENameOperatorVersion
cisco:small_business_srp520_series_firmwarecisco small business srp520 series firmwarele1.01.24
cisco:small_business_srp520_series_firmwarecisco small business srp520 series firmwareeq1.01.01
cisco:small_business_srp520_series_firmwarecisco small business srp520 series firmwareeq1.01.09
cisco:small_business_srp520_series_firmwarecisco small business srp520 series firmwareeq1.01.11
cisco:small_business_srp520_series_firmwarecisco small business srp520 series firmwareeq1.01.19
cisco:small_business_srp520_series_firmwarecisco small business srp520 series firmwareeq1.01.23
cisco:small_business_srp521wcisco small business srp521weq*
cisco:small_business_srp526wcisco small business srp526weq*
cisco:small_business_srp527wcisco small business srp527weq*
cisco:small_business_srp520-u_series_firmwarecisco small business srp520-u series firmwareeq1.1.0

CPE	Name	Operator	Version
cisco:small_business_srp520_series_firmware	cisco small business srp520 series firmware	le	1.01.24
cisco:small_business_srp520_series_firmware	cisco small business srp520 series firmware	eq	1.01.01
cisco:small_business_srp520_series_firmware	cisco small business srp520 series firmware	eq	1.01.09
cisco:small_business_srp520_series_firmware	cisco small business srp520 series firmware	eq	1.01.11
cisco:small_business_srp520_series_firmware	cisco small business srp520 series firmware	eq	1.01.19
cisco:small_business_srp520_series_firmware	cisco small business srp520 series firmware	eq	1.01.23
cisco:small_business_srp521w	cisco small business srp521w	eq	*
cisco:small_business_srp526w	cisco small business srp526w	eq	*
cisco:small_business_srp527w	cisco small business srp527w	eq	*
cisco:small_business_srp520-u_series_firmware	cisco small business srp520-u series firmware	eq	1.1.0

Rows per page:

1-10 of 181

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120223-srp500

www.securitytracker.com/id?1026736

6.8 Medium

AI Score

Confidence

Low

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.002 Low

EPSS

Percentile

58.9%

JSON

Related for CVE-2012-0365

prion1 cvelist1 securityvulns2 cisco1