Lucene search

K

[email protected]NVD:CVE-2012-6007

HistoryDec 19, 2012 - 11:56 a.m.

CVE-2012-6007

2012-12-1911:56:00

CWE-79

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.2 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.1%

Cross-site scripting (XSS) vulnerability in screens/base/web_auth_custom.html on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allows remote authenticated users to inject arbitrary web script or HTML via the headline parameter, aka Bug ID CSCud65187, a different vulnerability than CVE-2012-5992.

Affected configurations

NVD

Node

ciscowireless_lan_controller_softwareMatch7.2.110.0

AND

cisco2000_wireless_lan_controller

OR

cisco2100_wireless_lan_controller

OR

cisco2500_wireless_lan_controllerMatch-

OR

cisco4100_wireless_lan_controller

OR

cisco4400_wireless_lan_controller

OR

cisco5500_wireless_lan_controllerMatch-

OR

cisco7500_wireless_lan_controllerMatch-

OR

cisco8500_wireless_lan_controllerMatch-

References

infosec42.blogspot.dk/2012/12/cisco-wlc-csrf-dos-and-persistent-xss.html

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.2 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.1%

Related for NVD:CVE-2012-6007

cvelist2 cve2 prion2 packetstorm1 exploitpack1 seebug1 exploitdb1 nvd1 cisco1