Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in the web-authentication function on the Cisco NAC Appliance 4.9.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) cm or (2) uri parameters to (a) perfigo_weblogin.jsp, or the (3) cm, (4) provider, (5) session, (6) uri, (7) userip, or (8) username parameters to (b) perfigo_cm_validate.jsp, aka Bug ID CSCud15109.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Nac Appliance | <= 4.9.2 |
Related Weaknesses (CWE)
References
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-6029Vendor Advisory
- http://www.secureworks.com/cyber-threat-intelligence/advisories/SWRX-2013-001/
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-6029Vendor Advisory
- http://www.secureworks.com/cyber-threat-intelligence/advisories/SWRX-2013-001/
FAQ
What is CVE-2012-6029?
CVE-2012-6029 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in the web-authentication function on the Cisco NAC Appliance 4.9.2 and earlier allow remote attackers to inject arbitrary web script or HTML via th...
How severe is CVE-2012-6029?
CVE-2012-6029 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-6029?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Nac Appliance.