漏洞信息详情
Cisco Small Business 跨站请求伪造漏洞
- CNNVD编号:CNNVD-201111-121
- 危害等级: 超危
- CVE编号: CVE-2011-4005
- 漏洞类型: 跨站请求伪造
- 发布时间: 1900-01-01
- 威胁类型: 远程
- 更新时间: 2011-11-14
- 厂 商: cisco
- 漏洞来源: Michal Sajdak of S...
漏洞简介
Cisco Small Business SRP500 Series Services Ready Platforms是具有多种IP语音、数据、安全和无线服务的小型企业解决方案。
Cisco Small Business SRP500系列设备在实现上存在操作系统远程命令注入漏洞。该漏洞导致攻击者通过到Services Ready Platform Configuration Utility的Web界面的远程会话以root用户权限执行任意命令。
漏洞公告
目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111102-srp500
参考网址
来源: CISCO
名称: 20111102 Cisco Small Business SRP500 Series Command Injection Vulnerability
链接:http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111102-srp500
来源:SECUNIA
名称:46664
链接:http://secunia.com/advisories/46664 来源:NSFOCUS 名称:18116 链接:http://www.nsfocus.net/vulndb/18116
受影响实体
- Cisco Small_business_srp547w
- Cisco Small_business_srp546w
- Cisco Small_business_srp541w
- Cisco Small_business_srp526w
- Cisco Small_business_srp527w
补丁
暂无
评论