CVE-2012-5992
Cisco Wireless Lan Controller 7.2.110.0 - Multiple Vulnerabilities
Severity Score
9.6
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Multiple cross-site request forgery (CSRF) vulnerabilities on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrative accounts via screens/aaa/mgmtuser_create.html or (2) insert XSS sequences via the headline parameter to screens/base/web_auth_custom.html, aka Bug ID CSCud50283.
Múltiples vulnerabilidades de falsificación de peticiones en sitios cruzados (CSRF) en dispositivos Cisco Wireless LAN Controller (WLC) con software v7.2.110.0 permiten a atacantes remotos secuestrar la autenticación de los administradores de las solicitudes que (1) agregan cuentas de administración a través de screens/aaa/mgmtuser_create.html o (2) insertan secuencias XSS a través del parámetro 'headline' para screens/base/web_auth_custom.html. También conocido como Bug ID CSCud50283.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2012-11-21 CVE Reserved
- 2012-12-13 First Exploit
- 2012-12-19 CVE Published
- 2024-09-16 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-352: Cross-Site Request Forgery (CSRF)
CAPEC
References (2)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/23361 | 2012-12-13 | |
| http://infosec42.blogspot.dk/2012/12/cisco-wlc-csrf-dos-and-persistent-xss.html | 2024-09-16 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Wireless Lan Controller Software Search vendor "Cisco" for product "Wireless Lan Controller Software" | 7.2.110.0 Search vendor "Cisco" for product "Wireless Lan Controller Software" and version "7.2.110.0" | - |
Affected
| in | Cisco Search vendor "Cisco" | 2000 Wireless Lan Controller Search vendor "Cisco" for product "2000 Wireless Lan Controller" | * | - |
Affected
|
| Cisco Search vendor "Cisco" | Wireless Lan Controller Software Search vendor "Cisco" for product "Wireless Lan Controller Software" | 7.2.110.0 Search vendor "Cisco" for product "Wireless Lan Controller Software" and version "7.2.110.0" | - |
Affected
| in | Cisco Search vendor "Cisco" | 2100 Wireless Lan Controller Search vendor "Cisco" for product "2100 Wireless Lan Controller" | * | - |
Affected
|
| Cisco Search vendor "Cisco" | Wireless Lan Controller Software Search vendor "Cisco" for product "Wireless Lan Controller Software" | 7.2.110.0 Search vendor "Cisco" for product "Wireless Lan Controller Software" and version "7.2.110.0" | - |
Affected
| in | Cisco Search vendor "Cisco" | 2500 Wireless Lan Controller Search vendor "Cisco" for product "2500 Wireless Lan Controller" | - | - |
Affected
|
| Cisco Search vendor "Cisco" | Wireless Lan Controller Software Search vendor "Cisco" for product "Wireless Lan Controller Software" | 7.2.110.0 Search vendor "Cisco" for product "Wireless Lan Controller Software" and version "7.2.110.0" | - |
Affected
| in | Cisco Search vendor "Cisco" | 4100 Wireless Lan Controller Search vendor "Cisco" for product "4100 Wireless Lan Controller" | * | - |
Affected
|
| Cisco Search vendor "Cisco" | Wireless Lan Controller Software Search vendor "Cisco" for product "Wireless Lan Controller Software" | 7.2.110.0 Search vendor "Cisco" for product "Wireless Lan Controller Software" and version "7.2.110.0" | - |
Affected
| in | Cisco Search vendor "Cisco" | 4400 Wireless Lan Controller Search vendor "Cisco" for product "4400 Wireless Lan Controller" | * | - |
Affected
|
| Cisco Search vendor "Cisco" | Wireless Lan Controller Software Search vendor "Cisco" for product "Wireless Lan Controller Software" | 7.2.110.0 Search vendor "Cisco" for product "Wireless Lan Controller Software" and version "7.2.110.0" | - |
Affected
| in | Cisco Search vendor "Cisco" | 5500 Wireless Lan Controller Search vendor "Cisco" for product "5500 Wireless Lan Controller" | - | - |
Affected
|
| Cisco Search vendor "Cisco" | Wireless Lan Controller Software Search vendor "Cisco" for product "Wireless Lan Controller Software" | 7.2.110.0 Search vendor "Cisco" for product "Wireless Lan Controller Software" and version "7.2.110.0" | - |
Affected
| in | Cisco Search vendor "Cisco" | 7500 Wireless Lan Controller Search vendor "Cisco" for product "7500 Wireless Lan Controller" | - | - |
Affected
|
| Cisco Search vendor "Cisco" | Wireless Lan Controller Software Search vendor "Cisco" for product "Wireless Lan Controller Software" | 7.2.110.0 Search vendor "Cisco" for product "Wireless Lan Controller Software" and version "7.2.110.0" | - |
Affected
| in | Cisco Search vendor "Cisco" | 8500 Wireless Lan Controller Search vendor "Cisco" for product "8500 Wireless Lan Controller" | - | - |
Affected
|