CVE-2012-5992

Currently unrated

Key Information:

Vendor: Cisco
Status: Wireless Lan Controller Software; 2000 Wireless Lan Controller; 2100 Wireless Lan Controller; 2500 Wireless Lan Controller
Vendor: CVE Published:; 19 December 2012

Summary

Multiple cross-site request forgery (CSRF) vulnerabilities on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrative accounts via screens/aaa/mgmtuser_create.html or (2) insert XSS sequences via the headline parameter to screens/base/web_auth_custom.html, aka Bug ID CSCud50283.

References

http://infosec42.blogspot.dk/2012/12/cisco-wlc-csrf-dos-a...

x_refsource_MISC

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Dec 19, 2012