CVE-2012-0364 — HIGH (7.8) — White Hats Nepal

Q: How severe is CVE-2012-0364?

CVE-2012-0364 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2012-0364?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Small Business Srp520 Series Firmware, Cisco Small Business Srp521W, Cisco Small Business Srp526W, Cisco Small Business Srp527W, Cisco Small Business Srp520-U Series Firmware.

Vulnerability Description

Cisco SRP 520 series devices with firmware before 1.1.26 and SRP 520W-U and 540 series devices with firmware before 1.2.4 allow remote attackers to replace the configuration file via an upload request to an unspecified URL, aka Bug ID CSCtw55495.

CVSS Score

7.8

HIGH

AV:N/AC:L/Au:N/C:N/I:C/A:N

Confidentiality

NONE

Integrity

COMPLETE

Availability

NONE

Affected Products

Vendor	Product	Versions
Cisco	Small Business Srp520 Series Firmware	<= 1.01.24
Cisco	Small Business Srp521W	All versions
Cisco	Small Business Srp526W	All versions
Cisco	Small Business Srp527W	All versions
Cisco	Small Business Srp520-U Series Firmware	1.1.0
Cisco	Small Business Srp521W-U	All versions
Cisco	Small Business Srp526W-U	All versions
Cisco	Small Business Srp527W-U	All versions
Cisco	Small Business Srp540 Series Firmware	<= 1.02.01
Cisco	Small Business Srp541W	All versions
Cisco	Small Business Srp546W	All versions
Cisco	Small Business Srp547W	All versions

Related Weaknesses (CWE)

CWE-264

References

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20PatchVendor Advisory
http://www.securitytracker.com/id?1026736
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20PatchVendor Advisory
http://www.securitytracker.com/id?1026736

FAQ

What is CVE-2012-0364?

CVE-2012-0364 is a vulnerability with a CVSS score of 7.8 (HIGH). Cisco SRP 520 series devices with firmware before 1.1.26 and SRP 520W-U and 540 series devices with firmware before 1.2.4 allow remote attackers to replace the configuration file via an upload request...

How severe is CVE-2012-0364?

CVE-2012-0364 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2012-0364?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Small Business Srp520 Series Firmware, Cisco Small Business Srp521W, Cisco Small Business Srp526W, Cisco Small Business Srp527W, Cisco Small Business Srp520-U Series Firmware.