Lucene search

K

[email protected]NVD:CVE-2012-5992

HistoryDec 19, 2012 - 11:56 a.m.

CVE-2012-5992

2012-12-1911:56:00

CWE-352

[email protected]

web.nvd.nist.gov

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

6.7 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

54.0%

Multiple cross-site request forgery (CSRF) vulnerabilities on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrative accounts via screens/aaa/mgmtuser_create.html or (2) insert XSS sequences via the headline parameter to screens/base/web_auth_custom.html, aka Bug ID CSCud50283.

Affected configurations

NVD

Node

ciscowireless_lan_controller_softwareMatch7.2.110.0

AND

cisco2000_wireless_lan_controller

OR

cisco2100_wireless_lan_controller

OR

cisco2500_wireless_lan_controllerMatch-

OR

cisco4100_wireless_lan_controller

OR

cisco4400_wireless_lan_controller

OR

cisco5500_wireless_lan_controllerMatch-

OR

cisco7500_wireless_lan_controllerMatch-

OR

cisco8500_wireless_lan_controllerMatch-

References

infosec42.blogspot.dk/2012/12/cisco-wlc-csrf-dos-and-persistent-xss.html

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

6.7 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

54.0%

Related for NVD:CVE-2012-5992

cve2 prion2 cvelist2 cisco1 nvd1 packetstorm1 exploitpack1 seebug1 exploitdb1