First published: Thu Oct 19 2023
A vulnerability in the web-based interface of the RUCKUS Cloudpath product, version 5.12 build 5538 or earlier, could allow a remote, unauthenticated attacker to execute persistent XSS and CSRF attacks against a user of the admin management interface. A successful attack, combined with a certain admin activity, could allow the attacker to gain full admin privileges on the exploited system.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
CommScope Ruckus Cloudpath Enrollment System | <=5.12.5538 | |
CVE-2023-45992 is a Cross-Site Scripting (XSS) vulnerability found in Ruckus Wireless (CommScope) Ruckus CloudPath version 5.12 build 54414 and earlier.
CVE-2023-45992 has a severity rating of 9.6 (Critical).
The affected software version of CVE-2023-45992 is Ruckus Wireless (CommScope) Ruckus CloudPath version 5.12 build 54414 and earlier.
An attacker can exploit CVE-2023-45992 by performing persistent Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) attacks against a user of the admin management interface.
References for CVE-2023-45992 are available at the following URLs: http://ruckus.com, https://github.com/harry935/CVE-2023-45992, and https://server.cloudpath/.