Cisco® Small Business SA500 Series Security Appliances contain two web interface vulnerabilities – one that can be exploited by an authenticated user, and one by an unauthenticated user.
These vulnerabilities affect the following devices with firmware less than version 2.1.19:
Cisco has released free software updates that address this security vulnerability. Workarounds that mitigate this vulnerability are also available.
For more information and details for workarounds and obtaining free software updates, read the full security advisory.