Multiple cross-site request forgery (CSRF) vulnerabilities on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrative accounts via screens/aaa/mgmtuser_create.html or (2) insert XSS sequences via the headline parameter to screens/base/web_auth_custom.html, aka Bug ID CSCud50283.
References
Link | Resource |
---|---|
http://infosec42.blogspot.dk/2012/12/cisco-wlc-csrf-dos-and-persistent-xss.html | Exploit |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: cisco
Published: 2022-10-03T16:15:30
Updated: 2022-10-03T16:15:30
Reserved: 2022-10-03T00:00:00
Link: CVE-2012-5992
NVD Information
Status: Analyzed
Published: 2012-12-19T11:56:00.250
Modified: 2013-01-30T05:00:00.000
Link: CVE-2012-5992
Redhat Information
No data.
CWE