Cisco Wireless Control System XSS

2010.08.11
Credit: Tom Neaves
Risk: Low
Local: No
Remote: Yes
CWE: CWE-79


Ogólna skala CVSS: 4.3/10
Znaczenie: 2.9/10
Łatwość wykorzystania: 8.6/10
Wymagany dostęp: Zdalny
Złożoność ataku: Średnia
Autoryzacja: Nie wymagana
Wpływ na poufność: Brak
Wpływ na integralność: Częściowy
Wpływ na dostępność: Brak

Product Name: Cisco Wireless Control System Vendor: http://www.cisco.com Date: 4 August, 2010 Author: tom (at) tomneaves (dot) com [email concealed] <tom (at) tomneaves (dot) com [email concealed]> Original URL: http://www.tomneaves.com/Cisco_Wireless_Control_System_XSS.txt Discovered: 8 July, 2010 Disclosed: 4 August, 2010 I. DESCRIPTION The Cisco Wireless Control System (WCS) is a web interface that allows centralised management and reporting within a Cisco wireless infrastructure. II. DETAILS A Cross-site Scripting (XSS) vulnerability exists within the search function on the Cisco Wireless Control System (WCS) web interface due to insufficient input validation. This enables attackers to prepare links for a website that includes code that is executed by the browser visiting this website. --- The affected script is "/webacs/QuickSearchAction.do", namely the "searchText" parameter. Although not tested due to limitations, it is likely that all other parameters related to this script will also be affected by this issue. --- Affected Versions: All versions of Cisco WCS up to and including 6.0.181.0. Some versions of 7.0 *may* be affected. Interim versions 7.0(118.0) and 6.0(194.0) are not vulnerable. III. VENDOR RESPONSE 8 July, 2010 - Contacted vendor. 8 July, 2010 - Vendor acknowledged and confirmed vulnerability - will include in maintenance patch. 4 August, 2010 - Vendor releases maintenance patch (Cisco Bug ID = CSCtf14288). 4 August, 2010 - Vulnerability publicly disclosed. IV. CREDIT Discovered by Tom Neaves (Verizon Business)

Referencje:

http://www.tomneaves.com/Cisco_Wireless_Control_System_XSS.txt
http://www.securityfocus.com/bid/42216
http://www.securityfocus.com/archive/1/archive/1/512878/100/0/threaded
http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7.0.html
http://secunia.com/advisories/40827


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top