CVE-2012-5992: XSS
First published: Wed Dec 19 2012(Updated: )
Multiple cross-site request forgery (CSRF) vulnerabilities on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrative accounts via screens/aaa/mgmtuser_create.html or (2) insert XSS sequences via the headline parameter to screens/base/web_auth_custom.html, aka Bug ID CSCud50283.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Wireless LAN Controller (WLC) Software | =7.2.110.0 | |
| Cisco 2000 Wireless LAN Controller | ||
| Cisco 2100 Wireless LAN Controller | ||
| Cisco 2500 Wireless LAN Controller | ||
| Cisco 4100 Wireless LAN Controller | ||
| Cisco 4400 Wireless Lan Controller | ||
| Cisco 5500 Wireless LAN Controller | ||
| Cisco 7500 Wireless LAN Controller | ||
| Cisco 8500 Wireless LAN Controller |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2012-5992?
CVE-2012-5992 is classified as a medium severity vulnerability due to its potential exploitation through cross-site request forgery.
How do I fix CVE-2012-5992?
To fix CVE-2012-5992, update the Cisco Wireless LAN Controller to a version that addresses the CSRF vulnerabilities.
What systems are affected by CVE-2012-5992?
The vulnerable systems include Cisco Wireless LAN Controllers running software version 7.2.110.0 and various models from the 2000, 2500, 4100, 4400, 5500, 7500, and 8500 series.
What is a cross-site request forgery in the context of CVE-2012-5992?
Cross-site request forgery in CVE-2012-5992 allows an attacker to trick an authenticated administrator into executing unwanted actions on Cisco WLC devices.
Can CVE-2012-5992 lead to unauthorized access?
Yes, if exploited, CVE-2012-5992 can allow remote attackers to hijack administrator sessions and gain unauthorized access to management functions.
- agent/first-publish-date
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/references
- agent/author
- agent/event
- agent/description
- agent/source
- agent/weakness
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco wireless lan controller (wlc) software
- version/cisco wireless lan controller (wlc) software/7.2.110.0
- canonical/cisco 2000 wireless lan controller
- canonical/cisco 2100 wireless lan controller
- canonical/cisco 2500 wireless lan controller
- canonical/cisco 4100 wireless lan controller
- canonical/cisco 4400 wireless lan controller
- canonical/cisco 5500 wireless lan controller
- canonical/cisco 7500 wireless lan controller
- canonical/cisco 8500 wireless lan controller