Description
The web management interface on the Cisco RVS4000 Gigabit Security Router with software 1.x before 1.3.3.4 and 2.x before 2.0.2.7, and the WRVS4400N Gigabit Security Router with software before 2.0.2.1, allows remote authenticated users to execute arbitrary commands via the (1) ping test parameter or (2) traceroute test parameter, aka Bug ID CSCtn23871.
References (2)
Core 2
Core References
Vendor Advisory vendor-advisory
x_refsource_cisco
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b7f190.shtml
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1025565
Scores
EPSS
0.0190
EPSS Percentile
77.1%
Details
CWE
CWE-94
Status
published
Products (13)
cisco/rvs4000
1
cisco/rvs4000
2
cisco/rvs4000_software
1.3.0.5
cisco/rvs4000_software
1.3.1.0
cisco/rvs4000_software
1.3.2.0
cisco/rvs4000_software
2.0.0.3
cisco/wrvs4400n
1.0
cisco/wrvs4400n
1.1
cisco/wrvs4400n
2
cisco/wrvs4400n_software
1.3.0.5
... and 3 more
Published
May 31, 2011
Tracked Since
Feb 18, 2026