CVE-2011-2546

Published Jul 28, 2011

Last updated 7 years ago

CVSS info 5.0

Overview

Description: SQL injection vulnerability in the web-based management interface on Cisco SA 500 series security appliances with software before 2.1.19 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCtq65669.
Source: ykramarz@cisco.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-89

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cisco:sa500_software:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F34CEB78-9F68-4BF7-BB70-7AF03524CA9D",
            "versionEndIncluding": "2.1.18"
          },
          {
            "criteria": "cpe:2.3:a:cisco:sa500_software:1.0.14:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "988B2905-DE56-417F-BDFC-26C3120F4FE9"
          },
          {
            "criteria": "cpe:2.3:a:cisco:sa500_software:1.0.15:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0B1DCFEE-D2CA-46EC-B92B-7BC6D84A863F"
          },
          {
            "criteria": "cpe:2.3:a:cisco:sa500_software:1.0.17:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C6969B8E-BA94-4E5C-8864-886EC7DB5568"
          },
          {
            "criteria": "cpe:2.3:a:cisco:sa500_software:1.0.39:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3F3EFD6F-BCA3-4578-ACB7-CDA48C66F8A8"
          },
          {
            "criteria": "cpe:2.3:a:cisco:sa500_software:1.1.21:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C8D0F427-03DB-4B77-AD44-2CF30A3A8468"
          },
          {
            "criteria": "cpe:2.3:a:cisco:sa500_software:1.1.42:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9D1CC976-BE22-4C5B-A877-ED78544C2730"
          },
          {
            "criteria": "cpe:2.3:a:cisco:sa500_software:1.1.65:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CE089465-47D4-48EC-878A-B045E78A6D7A"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:sa520:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "41EA22A9-7330-473D-A8F6-625EACF21B35"
          },
          {
            "criteria": "cpe:2.3:h:cisco:sa520w:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5C7A7463-BCAC-4DD8-920A-2D3134D3B579"
          },
          {
            "criteria": "cpe:2.3:h:cisco:sa540:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "86F2ED99-EB36-4FB6-8404-BF0DDD2B2AEA"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References