Cross-Site Request Forgery Vulnerabilities in Cisco Wireless LAN Controller
CVE-2012-5992

Currently unrated

Key Information:

Vendor: Cisco
Status: Wireless Lan Controller Software; 2000 Wireless Lan Controller; 2100 Wireless Lan Controller; 2500 Wireless Lan Controller
Vendor: CVE Published:; 19 December 2012

Summary

Cisco Wireless LAN Controller devices running software version 7.2.110.0 contain multiple vulnerabilities that allow attackers to perform unauthorized actions without the knowledge or consent of the administrator. These vulnerabilities enable adversaries to hijack administrator authentication, facilitating the addition of unauthorized management accounts and the insertion of cross-site scripting (XSS) payloads into web authentication screens. This poses significant risks of unauthorized access and data compromise, making it critical for organizations to thoroughly secure their devices against these threats.

References

http://infosec42.blogspot.dk/2012/12/cisco-wlc-csrf-dos-a...

x_refsource_MISC

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Dec 19, 2012