RCE in Cisco Rvs4000

CVE-2011-1646

The web management interface on the Cisco RVS4000 Gigabit Security Router with software 1.x before 1.3.3.4 and 2.x before 2.0.2.7, and the WRVS4400N Gigabit Security Router with software before 2.0.2.1, allows remote authenticated users to…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.006 (70.5th percentile) — read the EPSS interpretation.

Affected products

Cisco Rvs4000 — versions 1, 2
Cisco Rvs4000_software — versions 1.3.0.5, 1.3.1.0, 1.3.2.0
Cisco Wrvs4400n — versions 1.0, 1.1, 2
Cisco Wrvs4400n_software — versions 1.3.0.5, 1.3.1.0, 1.3.2.0
N/a — versions n/a

Weakness classification (CWE)

CWE-94 — Code Injection

References

20110525 Cisco RVS4000 and WRVS4400N Web Management Interface Vulnerabilities (x_refsource_CISCO, vendor-advisory, Vendor Advisory)
1025565 (vdb-entry, x_refsource_SECTRACK)