Vulnerability Details : CVE-2011-2546
SQL injection vulnerability in the web-based management interface on Cisco SA 500 series security appliances with software before 2.1.19 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCtq65669.
Vulnerability category: SQL Injection
Exploit prediction scoring system (EPSS) score for CVE-2011-2546
Probability of exploitation activity in the next 30 days: 0.20%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 57 %
CVSS scores for CVE-2011-2546
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N | 10.0 | 2.9 | NIST |
CWE ids for CVE-2011-2546
- The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-2546
- http://securitytracker.com/id?1025810
  Cisco SA500 Series Security Appliance Lets Remote Users Inject SQL Commands and Remote Authenticated Users Gain Root Privileges - SecurityTracker
- http://www.securityfocus.com/bid/48812
  Cisco SA 500 Series Appliances Web Management Interface (CVE-2011-2546) SQL Injection Vulnerability
- https://exchange.xforce.ibmcloud.com/vulnerabilities/68737
  Cisco SA 500 Series Security Appliances login form SQL injection CVE-2011-2546 Vulnerability Report
- http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8915e.shtml
  Cisco SA 500 Series Security Appliances Web Management Interface Vulnerabilities - Cisco (Vendor Advisory)
Products affected by CVE-2011-2546
- cpe:2.3:a:cisco:sa500_software:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:sa500_software:1.1.65:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:sa500_software:1.1.42:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:sa500_software:1.0.17:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:sa500_software:1.0.15:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:sa500_software:1.0.14:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:sa500_software:1.1.21:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:sa500_software:1.0.39:*:*:*:*:*:*:*
- cpe:2.3:h:cisco:sa520w:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco:sa540:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco:sa520:*:*:*:*:*:*:*:*