Information Security all in one place!

Cisco Security Advisory: Cisco Small Business SRP 500 Series

Cisco Releases Security Advisory for Cisco Small Business SRP 500 Series

Cisco Small Business (SRP 500) Series Services Ready Platforms contain the following three vulnerabilities:

* Cisco SRP 500 Series Web Interface Command Injection Vulnerability
* Cisco SRP 500 Series Unauthenticated Configuration Upload Vulnerability
* Cisco SRP 500 Series Directory Traversal Vulnerability

These vulnerabilities can be exploited through sessions to the Services Ready Platform Configuration Utility web interface. In the default configuration they are exploitable from the local LAN side of the SRP device; they are also exploitable from the WAN side if remote management is enabled. Remote management is disabled by default.

Cisco has released free software updates that address these vulnerabilities.

Workarounds that mitigate these vulnerabilities are available.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120223-srp500

The following Cisco SRP 520 Series models are affected if running firmware prior to version 1.1.26:

 * Cisco SRP 521W
 * Cisco SRP 526W
 * Cisco SRP 527W

The following Cisco SRP 520W-U Series models are affected if running firmware prior to version 1.2.4:

 * Cisco SRP 521W-U
 * Cisco SRP 526W-U
 * Cisco SRP 527W-U

The following Cisco SRP 540 Series models are affected if running firmware prior to version 1.2.4:

 * Cisco SRP 541W
 * Cisco SRP 546W
 * Cisco SRP 547W

To view the firmware version on a device, log in to the Services Ready Platform Configuration Utility and navigate to the Status > Router page to view information about the Cisco SRP Series device and its firmware status.  The Firmware Version field indicates the current running version of firmware on the Cisco SRP 500 Series device.
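For a fleet of devices, the model and first-fixed-version lists above can be applied to an inventory export. The following is an added example, not part of the Cisco advisory; the function names and inventory rows are constructed, and it assumes the Firmware Version field begins with a dotted-numeric version.

```python
import re

# First fixed firmware per model, taken from the advisory text above.
FIXED = {
    **{m: (1, 1, 26) for m in ("SRP521W", "SRP526W", "SRP527W")},
    **{m: (1, 2, 4) for m in ("SRP521W-U", "SRP526W-U", "SRP527W-U",
                               "SRP541W", "SRP546W", "SRP547W")},
}

def normalize_model(raw):
    """'Cisco SRP 521w-u' -> 'SRP521W-U' (spacing, case and prefix vary)."""
    name = re.sub(r"\s+", "", raw.upper())
    return name[5:] if name.startswith("CISCO") else name

def parse_version(raw):
    """Leading dotted-numeric part of a version string as an int tuple."""
    m = re.match(r"\s*v?(\d+(?:\.\d+)+)", raw, re.IGNORECASE)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def status(model, firmware):
    """Return 'affected', 'fixed', 'not-listed' or 'unknown-version'."""
    fixed = FIXED.get(normalize_model(model))
    if fixed is None:
        return "not-listed"
    ver = parse_version(firmware)
    if ver is None:
        return "unknown-version"
    # Integer tuples, so 1.1.9 sorts before 1.1.26 (string compare would not).
    return "affected" if ver < fixed else "fixed"

# Constructed inventory rows: (hostname, model, Firmware Version field).
INVENTORY = [
    ("branch-01", "Cisco SRP 521W", "1.1.9"),
    ("branch-02", "Cisco SRP 527W", "1.1.26"),
    ("branch-03", "Cisco SRP 527W-U", "1.1.26"),  # -U models need 1.2.4
    ("branch-04", "SRP541W", "1.2.4"),
    ("branch-05", "Cisco SRP 546W", ""),          # version not collected
]

def triage(rows):
    """Map each inventory row to (hostname, status)."""
    return [(host, status(model, fw)) for host, model, fw in rows]

if __name__ == "__main__":
    for host, result in triage(INVENTORY):
        print(f"{host:12} {result}")
```

Rows reported as `unknown-version` should be checked by hand on the Status > Router page rather than assumed fixed.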

More information regarding these vulnerabilities:

http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html

The latest Cisco SRP 500 Series Services Ready Platforms firmware can be downloaded at:
http://www.cisco.com/cisco/software/navigator.html?mdfid=282736194&i=rm
