CVE-2012-5992

2012-12-1911:56:00

CWE-352

[email protected]

web.nvd.nist.gov

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

6.7

Confidence

Low

EPSS

0.003

Percentile

71.4%

JSON

Multiple cross-site request forgery (CSRF) vulnerabilities on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrative accounts via screens/aaa/mgmtuser_create.html or (2) insert XSS sequences via the headline parameter to screens/base/web_auth_custom.html, aka Bug ID CSCud50283.

Affected configurations

Nvd

Node

ciscowireless_lan_controller_softwareMatch7.2.110.0

AND

cisco2000_wireless_lan_controller

cisco2100_wireless_lan_controller

cisco2500_wireless_lan_controllerMatch-

cisco4100_wireless_lan_controller

cisco4400_wireless_lan_controller

cisco5500_wireless_lan_controllerMatch-

cisco7500_wireless_lan_controllerMatch-

cisco8500_wireless_lan_controllerMatch-

VendorProductVersionCPE
ciscowireless_lan_controller_software7.2.110.0cpe:2.3:o:cisco:wireless_lan_controller_software:7.2.110.0:*:*:*:*:*:*:*
cisco2000_wireless_lan_controller*cpe:2.3:h:cisco:2000_wireless_lan_controller:*:*:*:*:*:*:*:*
cisco2100_wireless_lan_controller*cpe:2.3:h:cisco:2100_wireless_lan_controller:*:*:*:*:*:*:*:*
cisco2500_wireless_lan_controller-cpe:2.3:h:cisco:2500_wireless_lan_controller:-:*:*:*:*:*:*:*
cisco4100_wireless_lan_controller*cpe:2.3:h:cisco:4100_wireless_lan_controller:*:*:*:*:*:*:*:*
cisco4400_wireless_lan_controller*cpe:2.3:h:cisco:4400_wireless_lan_controller:*:*:*:*:*:*:*:*
cisco5500_wireless_lan_controller-cpe:2.3:h:cisco:5500_wireless_lan_controller:-:*:*:*:*:*:*:*
cisco7500_wireless_lan_controller-cpe:2.3:h:cisco:7500_wireless_lan_controller:-:*:*:*:*:*:*:*
cisco8500_wireless_lan_controller-cpe:2.3:h:cisco:8500_wireless_lan_controller:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	wireless_lan_controller_software	7.2.110.0	cpe:2.3:o:cisco:wireless_lan_controller_software:7.2.110.0:::::::*
cisco	2000_wireless_lan_controller	*	cpe:2.3:h:cisco:2000_wireless_lan_controller::::::::
cisco	2100_wireless_lan_controller	*	cpe:2.3:h:cisco:2100_wireless_lan_controller::::::::
cisco	2500_wireless_lan_controller	-	cpe:2.3:h:cisco:2500_wireless_lan_controller:-:::::::*
cisco	4100_wireless_lan_controller	*	cpe:2.3:h:cisco:4100_wireless_lan_controller::::::::
cisco	4400_wireless_lan_controller	*	cpe:2.3:h:cisco:4400_wireless_lan_controller::::::::
cisco	5500_wireless_lan_controller	-	cpe:2.3:h:cisco:5500_wireless_lan_controller:-:::::::*
cisco	7500_wireless_lan_controller	-	cpe:2.3:h:cisco:7500_wireless_lan_controller:-:::::::*
cisco	8500_wireless_lan_controller	-	cpe:2.3:h:cisco:8500_wireless_lan_controller:-:::::::*