ID

VAR-201212-0167


CVE

CVE-2012-5992


TITLE

Cisco Wireless LAN Controller Cross-Site Request Forgery Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2012-7486 // CNNVD: CNNVD-201212-212

DESCRIPTION

Multiple cross-site request forgery (CSRF) vulnerabilities on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrative accounts via screens/aaa/mgmtuser_create.html or (2) insert XSS sequences via the headline parameter to screens/base/web_auth_custom.html, aka Bug ID CSCud50283. Cisco Wireless LAN Controller (WLC) The device contains a cross-site request forgery vulnerability. The Cisco Wireless LAN Controller, because it does not adequately filter user-supplied input, allows unauthenticated remote attackers to exploit this vulnerability to build malicious URIs, entice users to resolve, and perform malicious actions in the target user context. A cross-site request-forgery vulnerability 2. An HTML-injection vulnerability 3. A denial-of-service vulnerability These issues are being tracked by Cisco Bug IDs: CSCud50283, CSCud65187, and CSCud50209. Exploiting these issues may allow a remote attacker to perform certain unauthorized actions, execute arbitrary script or HTML code within the context of the browser, steal cookie-based authentication credentials, and cause the application to crash, denying service to legitimate users. ---------------------------------------------------------------------- The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/ ---------------------------------------------------------------------- TITLE: Cisco Wireless Lan Controller Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA51546 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/51546/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=51546 RELEASE DATE: 2012-12-14 DISCUSS ADVISORY: http://secunia.com/advisories/51546/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/51546/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=51546 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Cisco Wireless Lan Controller, which can be exploited by malicious people to conduct cross-site request forgery attacks. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. create an arbitrary user with administrative privileges if a logged-in administrative user visits a malicious web site. The vulnerability is reported in versions 5.x, 6.x, and 7.0 through 7.4. SOLUTION: No official solution is currently available. PROVIDED AND/OR DISCOVERED BY: Jacob Holcomb (Gimppy042) ORIGINAL ADVISORY: http://infosec42.blogspot.dk/2012/12/cisco-wlc-csrf-dos-and-persistent-xss.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.61

sources: NVD: CVE-2012-5992 // JVNDB: JVNDB-2012-005753 // CNVD: CNVD-2012-7486 // BID: 56929 // VULHUB: VHN-59273 // PACKETSTORM: 118848

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2012-7486

AFFECTED PRODUCTS

vendor:ciscomodel:wireless lan controller softwarescope:eqversion:7.2.110.0

Trust: 1.6

vendor:ciscomodel:4400 wireless lan controllerscope:eqversion:*

Trust: 1.0

vendor:ciscomodel:2000 wireless lan controllerscope:eqversion:*

Trust: 1.0

vendor:ciscomodel:8500 wireless lan controllerscope:eqversion: -

Trust: 1.0

vendor:ciscomodel:2500 wireless lan controllerscope:eqversion: -

Trust: 1.0

vendor:ciscomodel:2100 wireless lan controllerscope:eqversion:*

Trust: 1.0

vendor:ciscomodel:5500 wireless lan controllerscope:eqversion: -

Trust: 1.0

vendor:ciscomodel:7500 wireless lan controllerscope:eqversion: -

Trust: 1.0

vendor:ciscomodel:4100 wireless lan controllerscope:eqversion:*

Trust: 1.0

vendor:ciscomodel:2000 series wireless lan controllerscope:lteversion:software 7.2

Trust: 0.8

vendor:ciscomodel:2100 series wireless lan controllerscope:lteversion:software 7.2

Trust: 0.8

vendor:ciscomodel:2106 wireless lan controllerscope:lteversion:software 7.2

Trust: 0.8

vendor:ciscomodel:2112 wireless lan controllerscope:lteversion:software 7.2

Trust: 0.8

vendor:ciscomodel:2125 wireless lan controllerscope:lteversion:software 7.2

Trust: 0.8

vendor:ciscomodel:2500 series wireless lan controllerscope:lteversion:software 7.2

Trust: 0.8

vendor:ciscomodel:2504 wireless lan controllerscope:lteversion:software 7.2

Trust: 0.8

vendor:ciscomodel:4100 series wireless lan controllerscope:lteversion:software 7.2

Trust: 0.8

vendor:ciscomodel:4400 series wireless lan controllerscope:lteversion:software 7.2

Trust: 0.8

vendor:ciscomodel:4402 wireless lan controllerscope:lteversion:software 7.2

Trust: 0.8

vendor:ciscomodel:4404 wireless lan controllerscope:lteversion:software 7.2

Trust: 0.8

vendor:ciscomodel:airespace 4000 series wireless lan controllerscope:lteversion:software 7.2

Trust: 0.8

vendor:ciscomodel:wireless lan controllerscope:lteversion:software 7.2

Trust: 0.8

vendor:ciscomodel:wireless lan controller softwarescope:lteversion:7.2

Trust: 0.8

vendor:ciscomodel:wireless lan controllerscope:lteversion:<=7.2

Trust: 0.6

sources: CNVD: CNVD-2012-7486 // JVNDB: JVNDB-2012-005753 // CNNVD: CNNVD-201212-212 // NVD: CVE-2012-5992

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-5992
value: MEDIUM

Trust: 1.0

NVD: CVE-2012-5992
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201212-212
value: MEDIUM

Trust: 0.6

VULHUB: VHN-59273
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2012-5992
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-59273
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-59273 // JVNDB: JVNDB-2012-005753 // CNNVD: CNNVD-201212-212 // NVD: CVE-2012-5992

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.9

sources: VULHUB: VHN-59273 // JVNDB: JVNDB-2012-005753 // NVD: CVE-2012-5992

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201212-212

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201212-212

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-005753

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-59273

PATCH

title:27640url:http://tools.cisco.com/security/center/viewAlert.x?alertId=27640

Trust: 0.8

sources: JVNDB: JVNDB-2012-005753

EXTERNAL IDS

db:NVDid:CVE-2012-5992

Trust: 3.4

db:BIDid:56929

Trust: 0.9

db:JVNDBid:JVNDB-2012-005753

Trust: 0.8

db:EXPLOIT-DBid:23361

Trust: 0.7

db:SECUNIAid:51546

Trust: 0.7

db:CNVDid:CNVD-2012-7486

Trust: 0.6

db:CNNVDid:CNNVD-201212-212

Trust: 0.6

db:VULHUBid:VHN-59273

Trust: 0.1

db:PACKETSTORMid:118848

Trust: 0.1

sources: CNVD: CNVD-2012-7486 // VULHUB: VHN-59273 // BID: 56929 // JVNDB: JVNDB-2012-005753 // PACKETSTORM: 118848 // CNNVD: CNNVD-201212-212 // NVD: CVE-2012-5992

REFERENCES

url:http://infosec42.blogspot.dk/2012/12/cisco-wlc-csrf-dos-and-persistent-xss.html

Trust: 1.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-5992

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-5992

Trust: 0.8

url:http://www.exploit-db.com/exploits/23361/http

Trust: 0.6

url:http://secunia.com/advisories/51546

Trust: 0.6

url:http://www.securityfocus.com/bid/56929

Trust: 0.6

url:http://www.cisco.com/

Trust: 0.3

url:http://secunia.com/advisories/51546/

Trust: 0.1

url:http://secunia.com/vulnerability_intelligence/

Trust: 0.1

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=51546

Trust: 0.1

url:http://secunia.com/advisories/51546/#comments

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/personal/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/blog/325/

Trust: 0.1

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

sources: CNVD: CNVD-2012-7486 // VULHUB: VHN-59273 // BID: 56929 // JVNDB: JVNDB-2012-005753 // PACKETSTORM: 118848 // CNNVD: CNNVD-201212-212 // NVD: CVE-2012-5992

CREDITS

Jacob Holcomb

Trust: 0.9

sources: BID: 56929 // CNNVD: CNNVD-201212-212

SOURCES

db:CNVDid:CNVD-2012-7486
db:VULHUBid:VHN-59273
db:BIDid:56929
db:JVNDBid:JVNDB-2012-005753
db:PACKETSTORMid:118848
db:CNNVDid:CNNVD-201212-212
db:NVDid:CVE-2012-5992

LAST UPDATE DATE

2024-11-23T22:39:07.007000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2012-7486date:2012-12-17T00:00:00
db:VULHUBid:VHN-59273date:2013-01-30T00:00:00
db:BIDid:56929date:2012-12-13T00:00:00
db:JVNDBid:JVNDB-2012-005753date:2012-12-20T00:00:00
db:CNNVDid:CNNVD-201212-212date:2012-12-21T00:00:00
db:NVDid:CVE-2012-5992date:2024-11-21T01:45:38.653

SOURCES RELEASE DATE

db:CNVDid:CNVD-2012-7486date:2012-12-17T00:00:00
db:VULHUBid:VHN-59273date:2012-12-19T00:00:00
db:BIDid:56929date:2012-12-13T00:00:00
db:JVNDBid:JVNDB-2012-005753date:2012-12-20T00:00:00
db:PACKETSTORMid:118848date:2012-12-14T04:19:25
db:CNNVDid:CNNVD-201212-212date:2012-12-17T00:00:00
db:NVDid:CVE-2012-5992date:2012-12-19T11:56:00.250