Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2012-5992

Multiple cross-site request forgery (CSRF) vulnerabilities on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrative accounts via screens/aaa/mgmtuser_create.html or (2) insert XSS sequences via the headline parameter to screens/base/web_auth_custom.html, aka Bug ID CSCud50283.

Published

2012-12-19T11:56:00.250

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 6.8 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

8.6

Impact Score

6.4

Weaknesses

Type: Primary
CWE-352

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	cisco	wireless_lan_controller_software	7.2.110.0	Yes
Hardware	cisco	2000_wireless_lan_controller	*	Yes
Hardware	cisco	2100_wireless_lan_controller	*	Yes
Hardware	cisco	2500_wireless_lan_controller	-	Yes
Hardware	cisco	4100_wireless_lan_controller	*	Yes
Hardware	cisco	4400_wireless_lan_controller	*	Yes
Hardware	cisco	5500_wireless_lan_controller	-	Yes
Hardware	cisco	7500_wireless_lan_controller	-	Yes
Hardware	cisco	8500_wireless_lan_controller	-	Yes

References

http://infosec42.blogspot.dk/2012/12/cisco-wlc-csrf-dos-and-persistent-xss.html Exploit ([email protected])
http://infosec42.blogspot.dk/2012/12/cisco-wlc-csrf-dos-and-persistent-xss.html Exploit (af854a3a-2127-422b-91ae-364da2661108)