Vulnerability Description
A vulnerability in the web-based interface of the RUCKUS Cloudpath product, version 5.12 build 5538 or earlier, could allow a remote, unauthenticated attacker to execute persistent XSS and CSRF attacks against a user of the admin management interface. A successful attack, combined with a certain admin activity, could allow the attacker to gain full admin privileges on the exploited system.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Commscope | Ruckus Cloudpath Enrollment System | <= 5.12.5538 |
Related Weaknesses (CWE)
References
- http://ruckus.com (Not Applicable)
- https://github.com/harry935/CVE-2023-45992 (Exploit, Third Party Advisory)
- https://server.cloudpath/ (Broken Link)
- https://server.cloudpath/admin/enrollmentData/ (Broken Link)
- https://support.ruckuswireless.com/security_bulletins/322 (Vendor Advisory)
FAQ
What is CVE-2023-45992?
CVE-2023-45992 is a vulnerability with a CVSS score of 9.6 (CRITICAL). A vulnerability in the web-based interface of the RUCKUS Cloudpath product, version 5.12 build 5538 or earlier, could allow a remote, unauthenticated attacker to execute persistent XSS and CSRF att...
How severe is CVE-2023-45992?
CVE-2023-45992 has been rated CRITICAL with a CVSS base score of 9.6/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2023-45992?
Check the references section above for vendor advisories and patch information. Affected products include: Commscope Ruckus Cloudpath Enrollment System.