Vulnerability Description
Multiple cross-site request forgery (CSRF) vulnerabilities on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrative accounts via screens/aaa/mgmtuser_create.html or (2) insert XSS sequences via the headline parameter to screens/base/web_auth_custom.html, aka Bug ID CSCud50283.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Wireless LAN Controller Software | 7.2.110.0 |
| Cisco | 2000 Wireless LAN Controller | All versions |
| Cisco | 2100 Wireless LAN Controller | All versions |
| Cisco | 2500 Wireless LAN Controller | - |
| Cisco | 4100 Wireless LAN Controller | All versions |
| Cisco | 4400 Wireless LAN Controller | All versions |
| Cisco | 5500 Wireless LAN Controller | - |
| Cisco | 7500 Wireless LAN Controller | - |
| Cisco | 8500 Wireless LAN Controller | - |
References
- http://infosec42.blogspot.dk/2012/12/cisco-wlc-csrf-dos-and-persistent-xss.html (Exploit)
FAQ
What is CVE-2012-5992?
CVE-2012-5992 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Multiple cross-site request forgery (CSRF) vulnerabilities on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allow remote attackers to hijack the authentication of administrators ...
How severe is CVE-2012-5992?
CVE-2012-5992 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-5992?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Wireless LAN Controller Software, Cisco 2000 Wireless LAN Controller, Cisco 2100 Wireless LAN Controller, Cisco 2500 Wireless LAN Controller, Cisco 4100 Wireless LAN Controller.