Vulnerability Details CVE-2011-2546
SQL injection vulnerability in the web-based management interface on Cisco SA 500 series security appliances with software before 2.1.19 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCtq65669.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 52.5%
CVSS Severity
CVSS v2 Score 5.0
References
- http://secunia.com/advisories/45355
- http://securitytracker.com/id?1025810
- http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8915e.shtml
- http://www.securityfocus.com/bid/48812
- https://exchange.xforce.ibmcloud.com/vulnerabilities/68737
- http://secunia.com/advisories/45355
- http://securitytracker.com/id?1025810
- http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8915e.shtml
- http://www.securityfocus.com/bid/48812
- https://exchange.xforce.ibmcloud.com/vulnerabilities/68737
Products affected by CVE-2011-2546
-
cpe:2.3:a:cisco:sa500_software:*
-
cpe:2.3:a:cisco:sa500_software:1.0.14
-
cpe:2.3:a:cisco:sa500_software:1.0.15
-
cpe:2.3:a:cisco:sa500_software:1.0.17
-
cpe:2.3:a:cisco:sa500_software:1.0.39
-
cpe:2.3:a:cisco:sa500_software:1.1.21
-
cpe:2.3:a:cisco:sa500_software:1.1.42
-
cpe:2.3:a:cisco:sa500_software:1.1.65
-
cpe:2.3:h:cisco:sa520:*
-
cpe:2.3:h:cisco:sa520w:*
-
cpe:2.3:h:cisco:sa540:*