CVE-2012-5992
Last modified
CVE-2012-5992 is a vulnerability of currently unknown severity. Multiple cross-site request forgery (CSRF) vulnerabilities on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrative accounts via screens/aaa/mgmtuser_create.html or (2) insert XSS sequences via the headline parameter to screens/base/web_auth_custom.html, aka Bug ID CSCud50283.. EPSS estimates a 1.78% chance of exploitation in the next 30 days.
Description
Multiple cross-site request forgery (CSRF) vulnerabilities on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrative accounts via screens/aaa/mgmtuser_create.html or (2) insert XSS sequences via the headline parameter to screens/base/web_auth_custom.html, aka Bug ID CSCud50283.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Wireless Lan Controller Software | 7.2.110.0 |
| Cisco | 2000 Wireless Lan Controller | All versions |
| Cisco | 2100 Wireless Lan Controller | All versions |
| Cisco | 2500 Wireless Lan Controller | All versions |
| Cisco | 4100 Wireless Lan Controller | All versions |
| Cisco | 4400 Wireless Lan Controller | All versions |
| Cisco | 5500 Wireless Lan Controller | All versions |
| Cisco | 7500 Wireless Lan Controller | All versions |
| Cisco | 8500 Wireless Lan Controller | All versions |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2012-5992?
How severe is CVE-2012-5992?
How do I fix CVE-2012-5992?
Are you affected by CVE-2012-5992?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST