CVE-2011-2546

Published: Jul 28, 2011Modified: Apr 29, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

SQL injection vulnerability in the web-based management interface on Cisco SA 500 series security appliances with software before 2.1.19 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCtq65669.

Affected (11)

Products: Cisco: Sa500 Software, Sa520, Sa520w, Sa540

4 products

Configuration A

11 vulnerable

Vulnerable Software	Affected Versions
Cisco Sa500 Software	Up to 2.1.18
Cisco Sa500 Software	Version 1.0.14
Cisco Sa500 Software	Version 1.0.15
Cisco Sa500 Software	Version 1.0.17
Cisco Sa500 Software	Version 1.0.39
Cisco Sa500 Software	Version 1.1.21
Cisco Sa500 Software	Version 1.1.42
Cisco Sa500 Software	Version 1.1.65
Cisco Sa520	All versions
Cisco Sa520w	All versions
Cisco Sa540	All versions

Related CWEs

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

References (10)

http://secunia.com/advisories/45355

Source: psirt@cisco.com

Vendor Advisory

http://securitytracker.com/id?1025810

Source: psirt@cisco.com

http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8915e.shtml

Source: psirt@cisco.com

Vendor Advisory

http://www.securityfocus.com/bid/48812

Source: psirt@cisco.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/68737

Source: psirt@cisco.com

http://secunia.com/advisories/45355

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://securitytracker.com/id?1025810

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8915e.shtml

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/48812

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/68737

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.