All the vulnerabilites related to cisco - 8500_wireless_lan_controller
Vulnerability from fkie_nvd
Published
2012-12-19 11:56
Modified
2024-11-21 01:45
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in screens/base/web_auth_custom.html on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allows remote authenticated users to inject arbitrary web script or HTML via the headline parameter, aka Bug ID CSCud65187, a different vulnerability than CVE-2012-5992.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.2.110.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3D4F9E21-A0AB-4E18-B3E6-13DE2206974C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:2000_wireless_lan_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "65B6A979-5487-4ABF-AD66-522442D6DC38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:2100_wireless_lan_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "24B6D315-BBA5-4C37-BB74-BD1ADCA77F69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:2500_wireless_lan_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52A0DE1A-D1A2-4F5A-B237-4F53892775E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:4100_wireless_lan_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "97790CF3-F428-499C-A175-1DB8380432F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:4400_wireless_lan_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "62DD77D6-9809-4B8B-A19F-1D10449C546F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:5500_wireless_lan_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EEA74EC6-0B2D-441A-8DDB-FFB736D0CF56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:7500_wireless_lan_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D51BCAD1-576F-44A7-85CF-DF03363DBFAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:8500_wireless_lan_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CE9BD1C8-10F8-4BA7-A883-42384A5EC1A5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in screens/base/web_auth_custom.html on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allows remote authenticated users to inject arbitrary web script or HTML via the headline parameter, aka Bug ID CSCud65187, a different vulnerability than CVE-2012-5992."
},
{
"lang": "es",
"value": "Una vulnerabilidad de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en screens/base/web_auth_custom.html en dispositivos Cisco Wireless LAN Controller (WLC) con software v7.2.110.0 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML a trav\u00e9s del par\u00e1metro \u0027title\u0027. Se trata de un problema tambi\u00e9n conocido como Bug ID CSCud65187 . Se trata de una vulnerabilidad diferente a CVE-2012-5992a.\r\n"
}
],
"id": "CVE-2012-6007",
"lastModified": "2024-11-21T01:45:38.773",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-12-19T11:56:00.297",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Exploit"
],
"url": "http://infosec42.blogspot.dk/2012/12/cisco-wlc-csrf-dos-and-persistent-xss.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://infosec42.blogspot.dk/2012/12/cisco-wlc-csrf-dos-and-persistent-xss.html"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-05-04 03:24
Modified
2024-11-21 01:49
Severity ?
Summary
Cisco Wireless LAN Controller (WLC) devices do not properly address the resource consumption of terminated TELNET sessions, which allows remote attackers to cause a denial of service (TELNET outage) by making many TELNET connections and improperly ending these connections, aka Bug ID CSCug35507.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:2000_wireless_lan_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "65B6A979-5487-4ABF-AD66-522442D6DC38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:2100_wireless_lan_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "24B6D315-BBA5-4C37-BB74-BD1ADCA77F69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:2106_wireless_lan_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7C58D0FC-9466-46D8-9292-110A502849AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:2112_wireless_lan_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3A95FD5A-FCC2-42C8-91AD-2F8C823CBFBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:2125_wireless_lan_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "584BBBE4-6E19-47BE-99B6-4370CEA91BF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:2500_wireless_lan_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52A0DE1A-D1A2-4F5A-B237-4F53892775E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:2504_wireless_lan_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FF2B56FF-7F15-4926-A570-472BC675306F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:4100_wireless_lan_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "97790CF3-F428-499C-A175-1DB8380432F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:4400_wireless_lan_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "62DD77D6-9809-4B8B-A19F-1D10449C546F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:4402_wireless_lan_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E98007A4-43AC-40F6-9032-BB83B33B6E7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:4404_wireless_lan_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "883A22D1-2529-49BB-92A4-0CE2C1F327C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:5500_wireless_lan_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EEA74EC6-0B2D-441A-8DDB-FFB736D0CF56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:7500_wireless_lan_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D51BCAD1-576F-44A7-85CF-DF03363DBFAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:8500_wireless_lan_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CE9BD1C8-10F8-4BA7-A883-42384A5EC1A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:airespace_4000_wireless_lan_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "824C533A-2951-442A-86FD-BC90DAFEEBF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:wireless_lan_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E08C420-97C2-4323-9388-D6C32E83BBF9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cisco Wireless LAN Controller (WLC) devices do not properly address the resource consumption of terminated TELNET sessions, which allows remote attackers to cause a denial of service (TELNET outage) by making many TELNET connections and improperly ending these connections, aka Bug ID CSCug35507."
},
{
"lang": "es",
"value": "Cisco Wireless LAN Controller (WLC) no gestiona adecuadamente el consumo de recursos de las sesiones TELNET terminadas, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio haciendo muchas conexiones Telnet y acabando de forma inadecuada con las mismas, tambi\u00e9n conocido como Bug ID CSCug35507."
}
],
"id": "CVE-2013-1235",
"lastModified": "2024-11-21T01:49:10.087",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-05-04T03:24:41.720",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1235"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1235"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-12-19 11:56
Modified
2024-11-21 01:45
Severity ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrative accounts via screens/aaa/mgmtuser_create.html or (2) insert XSS sequences via the headline parameter to screens/base/web_auth_custom.html, aka Bug ID CSCud50283.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.2.110.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3D4F9E21-A0AB-4E18-B3E6-13DE2206974C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:2000_wireless_lan_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "65B6A979-5487-4ABF-AD66-522442D6DC38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:2100_wireless_lan_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "24B6D315-BBA5-4C37-BB74-BD1ADCA77F69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:2500_wireless_lan_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52A0DE1A-D1A2-4F5A-B237-4F53892775E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:4100_wireless_lan_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "97790CF3-F428-499C-A175-1DB8380432F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:4400_wireless_lan_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "62DD77D6-9809-4B8B-A19F-1D10449C546F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:5500_wireless_lan_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EEA74EC6-0B2D-441A-8DDB-FFB736D0CF56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:7500_wireless_lan_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D51BCAD1-576F-44A7-85CF-DF03363DBFAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:8500_wireless_lan_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CE9BD1C8-10F8-4BA7-A883-42384A5EC1A5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrative accounts via screens/aaa/mgmtuser_create.html or (2) insert XSS sequences via the headline parameter to screens/base/web_auth_custom.html, aka Bug ID CSCud50283."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de falsificaci\u00f3n de peticiones en sitios cruzados (CSRF) en dispositivos Cisco Wireless LAN Controller (WLC) con software v7.2.110.0 permiten a atacantes remotos secuestrar la autenticaci\u00f3n de los administradores de las solicitudes que (1) agregan cuentas de administraci\u00f3n a trav\u00e9s de screens/aaa/mgmtuser_create.html o (2) insertan secuencias XSS a trav\u00e9s del par\u00e1metro \u0027headline\u0027 para screens/base/web_auth_custom.html. Tambi\u00e9n conocido como Bug ID CSCud50283.\r\n"
}
],
"id": "CVE-2012-5992",
"lastModified": "2024-11-21T01:45:38.653",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-12-19T11:56:00.250",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Exploit"
],
"url": "http://infosec42.blogspot.dk/2012/12/cisco-wlc-csrf-dos-and-persistent-xss.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://infosec42.blogspot.dk/2012/12/cisco-wlc-csrf-dos-and-persistent-xss.html"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-01-24 21:55
Modified
2024-11-21 01:48
Severity ?
Summary
The Wireless Intrusion Prevention System (wIPS) component on Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.235.0, 7.1 and 7.2 before 7.2.110.0, and 7.3 before 7.3.101.0 allows remote attackers to cause a denial of service (device reload) via crafted IP packets, aka Bug ID CSCtx80743.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7B84AFFD-117A-4E7C-8F2C-01DF5DE4EDA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.0.98.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1855D021-7914-4862-B613-97F6664AE33F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0D96188C-F969-46A4-9600-D64FB8123031",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "41B7499D-75A9-46A9-9129-BCD18533B21F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B9CCF4BD-4C5D-41BB-932C-52B428270B44",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:2000_wireless_lan_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "65B6A979-5487-4ABF-AD66-522442D6DC38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:2100_wireless_lan_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "24B6D315-BBA5-4C37-BB74-BD1ADCA77F69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:2500_wireless_lan_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52A0DE1A-D1A2-4F5A-B237-4F53892775E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:4100_wireless_lan_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "97790CF3-F428-499C-A175-1DB8380432F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:4400_wireless_lan_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "62DD77D6-9809-4B8B-A19F-1D10449C546F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:5500_wireless_lan_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EEA74EC6-0B2D-441A-8DDB-FFB736D0CF56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:7500_wireless_lan_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D51BCAD1-576F-44A7-85CF-DF03363DBFAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:8500_wireless_lan_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CE9BD1C8-10F8-4BA7-A883-42384A5EC1A5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Wireless Intrusion Prevention System (wIPS) component on Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.235.0, 7.1 and 7.2 before 7.2.110.0, and 7.3 before 7.3.101.0 allows remote attackers to cause a denial of service (device reload) via crafted IP packets, aka Bug ID CSCtx80743."
},
{
"lang": "es",
"value": "El sistema de prevenci\u00f3n de intrusiones inal\u00e1mbricas (WIPS) de Cisco Wireless LAN Controller (WLC) de los dispositivos con software v7.0 antes de v7.0.235.0, v7.1 y v7.2 antes de v7.2.110.0 y v7.3 antes de v7.3.101.0 permite a atacantes remotos provocar una denegaci\u00f3n de servicios (dispositivo de recarga) a trav\u00e9s de paquetes IP manipulados, ID de error alias CSCtx80743."
}
],
"id": "CVE-2013-1102",
"lastModified": "2024-11-21T01:48:54.720",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-01-24T21:55:05.900",
"references": [
{
"source": "ykramarz@cisco.com",
"url": "http://secunia.com/advisories/51965"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130123-wlc"
},
{
"source": "ykramarz@cisco.com",
"url": "http://www.securityfocus.com/bid/57524"
},
{
"source": "ykramarz@cisco.com",
"url": "http://www.securitytracker.com/id/1028027"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/51965"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130123-wlc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/57524"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1028027"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-01-24 21:55
Modified
2024-11-21 01:48
Severity ?
Summary
Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.220.0, 7.1 before 7.1.91.0, and 7.2 before 7.2.103.0 allow remote attackers to cause a denial of service (Access Point reload) via crafted SIP packets, aka Bug ID CSCts87659.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7B84AFFD-117A-4E7C-8F2C-01DF5DE4EDA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.0.98.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1855D021-7914-4862-B613-97F6664AE33F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0D96188C-F969-46A4-9600-D64FB8123031",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "41B7499D-75A9-46A9-9129-BCD18533B21F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B9CCF4BD-4C5D-41BB-932C-52B428270B44",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:2000_wireless_lan_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "65B6A979-5487-4ABF-AD66-522442D6DC38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:2100_wireless_lan_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "24B6D315-BBA5-4C37-BB74-BD1ADCA77F69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:2500_wireless_lan_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52A0DE1A-D1A2-4F5A-B237-4F53892775E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:4100_wireless_lan_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "97790CF3-F428-499C-A175-1DB8380432F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:4400_wireless_lan_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "62DD77D6-9809-4B8B-A19F-1D10449C546F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:5500_wireless_lan_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EEA74EC6-0B2D-441A-8DDB-FFB736D0CF56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:7500_wireless_lan_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D51BCAD1-576F-44A7-85CF-DF03363DBFAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:8500_wireless_lan_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CE9BD1C8-10F8-4BA7-A883-42384A5EC1A5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.220.0, 7.1 before 7.1.91.0, and 7.2 before 7.2.103.0 allow remote attackers to cause a denial of service (Access Point reload) via crafted SIP packets, aka Bug ID CSCts87659."
},
{
"lang": "es",
"value": "Cisco Wireless LAN Controller (WLC) son software v7.0 anterior a v7.0.220.0, v7.1 anterior a v7.1.91.0, y v7.2 anterior a v7.2.103.0 permite a atacantes remotos generar una denegaci\u00f3n de servicio (reinicio del punto de acceso) mediante paquetes SIP especialmente dise\u00f1ados, tambi\u00e9n conocido como Bug ID CSCts87659."
}
],
"id": "CVE-2013-1103",
"lastModified": "2024-11-21T01:48:54.843",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-01-24T21:55:05.947",
"references": [
{
"source": "ykramarz@cisco.com",
"url": "http://osvdb.org/89530"
},
{
"source": "ykramarz@cisco.com",
"url": "http://secunia.com/advisories/51965"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130123-wlc"
},
{
"source": "ykramarz@cisco.com",
"url": "http://www.securityfocus.com/bid/57524"
},
{
"source": "ykramarz@cisco.com",
"url": "http://www.securitytracker.com/id/1028027"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/89530"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/51965"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130123-wlc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/57524"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1028027"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-12-19 11:56
Modified
2024-11-21 01:45
Severity ?
Summary
screens/base/web_auth_custom.html on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allows remote authenticated users to cause a denial of service (device reload) via a certain buttonClicked value in an internal webauth_type request, aka Bug ID CSCud50209.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.2.110.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3D4F9E21-A0AB-4E18-B3E6-13DE2206974C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:2000_wireless_lan_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "65B6A979-5487-4ABF-AD66-522442D6DC38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:2100_wireless_lan_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "24B6D315-BBA5-4C37-BB74-BD1ADCA77F69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:2500_wireless_lan_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52A0DE1A-D1A2-4F5A-B237-4F53892775E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:4100_wireless_lan_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "97790CF3-F428-499C-A175-1DB8380432F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:4400_wireless_lan_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "62DD77D6-9809-4B8B-A19F-1D10449C546F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:5500_wireless_lan_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EEA74EC6-0B2D-441A-8DDB-FFB736D0CF56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:7500_wireless_lan_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D51BCAD1-576F-44A7-85CF-DF03363DBFAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:8500_wireless_lan_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CE9BD1C8-10F8-4BA7-A883-42384A5EC1A5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "screens/base/web_auth_custom.html on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allows remote authenticated users to cause a denial of service (device reload) via a certain buttonClicked value in an internal webauth_type request, aka Bug ID CSCud50209."
},
{
"lang": "es",
"value": "screens/base/web_auth_custom.html en dispositivos Cisco Wireless LAN Controller (WLC) con software v7.2.110.0 permiten a usuarios remotos autenticados causar una denegaci\u00f3n de servicio (reinicio del dispositivo) a trav\u00e9s de un cierto valor en buttonClicked en una petici\u00f3n webauth_type interna. Se trata de un problema tambi\u00e9n conocido como Bug ID CSCud50209.\r\n"
}
],
"id": "CVE-2012-5991",
"lastModified": "2024-11-21T01:45:38.530",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-12-19T11:56:00.220",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Exploit"
],
"url": "http://infosec42.blogspot.dk/2012/12/cisco-wlc-csrf-dos-and-persistent-xss.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://infosec42.blogspot.dk/2012/12/cisco-wlc-csrf-dos-and-persistent-xss.html"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-01-24 21:55
Modified
2024-11-21 01:48
Severity ?
Summary
Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.235.3, 7.1 and 7.2 before 7.2.111.3, and 7.3 before 7.3.101.0 allow remote authenticated users to bypass wireless-management settings and read or modify the device configuration via an SNMP request, aka Bug ID CSCua60653.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7B84AFFD-117A-4E7C-8F2C-01DF5DE4EDA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.0.98.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1855D021-7914-4862-B613-97F6664AE33F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.0.220.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C89ACF8-7D47-48A9-A6B5-C2250D52D624",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0D96188C-F969-46A4-9600-D64FB8123031",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "41B7499D-75A9-46A9-9129-BCD18533B21F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.2.103.0:*:*:*:*:*:*:*",
"matchCriteriaId": "25EECAA5-5D9F-4696-8DFB-6F1C3D5E7984",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.2.110.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3D4F9E21-A0AB-4E18-B3E6-13DE2206974C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B9CCF4BD-4C5D-41BB-932C-52B428270B44",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:2000_wireless_lan_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "65B6A979-5487-4ABF-AD66-522442D6DC38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:2100_wireless_lan_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "24B6D315-BBA5-4C37-BB74-BD1ADCA77F69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:2500_wireless_lan_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52A0DE1A-D1A2-4F5A-B237-4F53892775E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:5500_wireless_lan_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EEA74EC6-0B2D-441A-8DDB-FFB736D0CF56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:7500_wireless_lan_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D51BCAD1-576F-44A7-85CF-DF03363DBFAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:8500_wireless_lan_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CE9BD1C8-10F8-4BA7-A883-42384A5EC1A5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.235.3, 7.1 and 7.2 before 7.2.111.3, and 7.3 before 7.3.101.0 allow remote authenticated users to bypass wireless-management settings and read or modify the device configuration via an SNMP request, aka Bug ID CSCua60653."
},
{
"lang": "es",
"value": "Dispositivos Cisco Wireless LAN Controller (WLC) con software v7.0 anterior a v7.0.235.3, v7.1 y v7.2 anterior a v7.2.111.3, y v7.3 anterior a v7.3.101.0, permite a usuarios remotos autentificados saltarse las configuraciones wireless-management y leer o modificar la configuraci\u00f3n del dispositivo a trav\u00e9s de una petici\u00f3n SNMP, tambi\u00e9n conocido como Bug ID CSCua60653."
}
],
"id": "CVE-2013-1105",
"lastModified": "2024-11-21T01:48:55.073",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-01-24T21:55:06.023",
"references": [
{
"source": "ykramarz@cisco.com",
"url": "http://osvdb.org/89532"
},
{
"source": "ykramarz@cisco.com",
"url": "http://secunia.com/advisories/51965"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130123-wlc"
},
{
"source": "ykramarz@cisco.com",
"url": "http://www.securityfocus.com/bid/57524"
},
{
"source": "ykramarz@cisco.com",
"url": "http://www.securitytracker.com/id/1028027"
},
{
"source": "ykramarz@cisco.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81490"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/89532"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/51965"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130123-wlc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/57524"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1028027"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81490"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-01-24 21:55
Modified
2024-11-21 01:48
Severity ?
Summary
The HTTP Profiling functionality on Cisco Wireless LAN Controller (WLC) devices with software 7.3.101.0 allows remote authenticated users to execute arbitrary code via a crafted HTTP User-Agent header, aka Bug ID CSCuc15636.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:2000_wireless_lan_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "65B6A979-5487-4ABF-AD66-522442D6DC38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:2100_wireless_lan_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "24B6D315-BBA5-4C37-BB74-BD1ADCA77F69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:2500_wireless_lan_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52A0DE1A-D1A2-4F5A-B237-4F53892775E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:4100_wireless_lan_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "97790CF3-F428-499C-A175-1DB8380432F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:4400_wireless_lan_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "62DD77D6-9809-4B8B-A19F-1D10449C546F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:5500_wireless_lan_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EEA74EC6-0B2D-441A-8DDB-FFB736D0CF56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:7500_wireless_lan_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D51BCAD1-576F-44A7-85CF-DF03363DBFAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:8500_wireless_lan_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CE9BD1C8-10F8-4BA7-A883-42384A5EC1A5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.3.101.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7233C6A0-9674-4C6D-ACC0-CC654CF117C3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The HTTP Profiling functionality on Cisco Wireless LAN Controller (WLC) devices with software 7.3.101.0 allows remote authenticated users to execute arbitrary code via a crafted HTTP User-Agent header, aka Bug ID CSCuc15636."
},
{
"lang": "es",
"value": "La funcionalidad de perfiles HTTP en Cisco Wireless LAN Controller (WLC) de los dispositivos con software v7.3.101.0 permite a usuarios remotos autenticados ejecutar c\u00f3digo arbitrario a trav\u00e9s de una cabecera manipulada HTTP User-Agent, tambi\u00e9n conocido como Bug ID CSCuc15636."
}
],
"id": "CVE-2013-1104",
"lastModified": "2024-11-21T01:48:54.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-01-24T21:55:05.977",
"references": [
{
"source": "ykramarz@cisco.com",
"url": "http://osvdb.org/89533"
},
{
"source": "ykramarz@cisco.com",
"url": "http://secunia.com/advisories/51965"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130123-wlc"
},
{
"source": "ykramarz@cisco.com",
"url": "http://www.securityfocus.com/bid/57524"
},
{
"source": "ykramarz@cisco.com",
"url": "http://www.securitytracker.com/id/1028027"
},
{
"source": "ykramarz@cisco.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81489"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/89533"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/51965"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130123-wlc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/57524"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1028027"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81489"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2012-5992
Vulnerability from cvelistv5
Published
2012-12-19 11:00
Modified
2024-09-16 18:03
Severity ?
EPSS score ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrative accounts via screens/aaa/mgmtuser_create.html or (2) insert XSS sequences via the headline parameter to screens/base/web_auth_custom.html, aka Bug ID CSCud50283.
References
| ▼ | URL | Tags |
|---|---|---|
| http://infosec42.blogspot.dk/2012/12/cisco-wlc-csrf-dos-and-persistent-xss.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:21:28.378Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://infosec42.blogspot.dk/2012/12/cisco-wlc-csrf-dos-and-persistent-xss.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrative accounts via screens/aaa/mgmtuser_create.html or (2) insert XSS sequences via the headline parameter to screens/base/web_auth_custom.html, aka Bug ID CSCud50283."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-12-19T11:00:00Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://infosec42.blogspot.dk/2012/12/cisco-wlc-csrf-dos-and-persistent-xss.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2012-5992",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrative accounts via screens/aaa/mgmtuser_create.html or (2) insert XSS sequences via the headline parameter to screens/base/web_auth_custom.html, aka Bug ID CSCud50283."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://infosec42.blogspot.dk/2012/12/cisco-wlc-csrf-dos-and-persistent-xss.html",
"refsource": "MISC",
"url": "http://infosec42.blogspot.dk/2012/12/cisco-wlc-csrf-dos-and-persistent-xss.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2012-5992",
"datePublished": "2012-12-19T11:00:00Z",
"dateReserved": "2012-11-21T00:00:00Z",
"dateUpdated": "2024-09-16T18:03:47.236Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-5991
Vulnerability from cvelistv5
Published
2012-12-19 11:00
Modified
2024-09-16 17:22
Severity ?
EPSS score ?
Summary
screens/base/web_auth_custom.html on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allows remote authenticated users to cause a denial of service (device reload) via a certain buttonClicked value in an internal webauth_type request, aka Bug ID CSCud50209.
References
| ▼ | URL | Tags |
|---|---|---|
| http://infosec42.blogspot.dk/2012/12/cisco-wlc-csrf-dos-and-persistent-xss.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:21:28.513Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://infosec42.blogspot.dk/2012/12/cisco-wlc-csrf-dos-and-persistent-xss.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "screens/base/web_auth_custom.html on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allows remote authenticated users to cause a denial of service (device reload) via a certain buttonClicked value in an internal webauth_type request, aka Bug ID CSCud50209."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-12-19T11:00:00Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://infosec42.blogspot.dk/2012/12/cisco-wlc-csrf-dos-and-persistent-xss.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2012-5991",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "screens/base/web_auth_custom.html on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allows remote authenticated users to cause a denial of service (device reload) via a certain buttonClicked value in an internal webauth_type request, aka Bug ID CSCud50209."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://infosec42.blogspot.dk/2012/12/cisco-wlc-csrf-dos-and-persistent-xss.html",
"refsource": "MISC",
"url": "http://infosec42.blogspot.dk/2012/12/cisco-wlc-csrf-dos-and-persistent-xss.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2012-5991",
"datePublished": "2012-12-19T11:00:00Z",
"dateReserved": "2012-11-21T00:00:00Z",
"dateUpdated": "2024-09-16T17:22:51.998Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-1105
Vulnerability from cvelistv5
Published
2013-01-24 21:00
Modified
2024-08-06 14:49
Severity ?
EPSS score ?
Summary
Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.235.3, 7.1 and 7.2 before 7.2.111.3, and 7.3 before 7.3.101.0 allow remote authenticated users to bypass wireless-management settings and read or modify the device configuration via an SNMP request, aka Bug ID CSCua60653.
References
| ▼ | URL | Tags |
|---|---|---|
| http://osvdb.org/89532 | vdb-entry, x_refsource_OSVDB | |
| http://secunia.com/advisories/51965 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/81490 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/57524 | vdb-entry, x_refsource_BID | |
| http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130123-wlc | vendor-advisory, x_refsource_CISCO | |
| http://www.securitytracker.com/id/1028027 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:49:20.726Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "89532",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/89532"
},
{
"name": "51965",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51965"
},
{
"name": "cisco-wlc-unauth-access(81490)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81490"
},
{
"name": "57524",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/57524"
},
{
"name": "20130123 Multiple Vulnerabilities in Cisco Wireless LAN Controllers",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130123-wlc"
},
{
"name": "1028027",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1028027"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-01-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.235.3, 7.1 and 7.2 before 7.2.111.3, and 7.3 before 7.3.101.0 allow remote authenticated users to bypass wireless-management settings and read or modify the device configuration via an SNMP request, aka Bug ID CSCua60653."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "89532",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/89532"
},
{
"name": "51965",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51965"
},
{
"name": "cisco-wlc-unauth-access(81490)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81490"
},
{
"name": "57524",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/57524"
},
{
"name": "20130123 Multiple Vulnerabilities in Cisco Wireless LAN Controllers",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130123-wlc"
},
{
"name": "1028027",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1028027"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2013-1105",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.235.3, 7.1 and 7.2 before 7.2.111.3, and 7.3 before 7.3.101.0 allow remote authenticated users to bypass wireless-management settings and read or modify the device configuration via an SNMP request, aka Bug ID CSCua60653."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "89532",
"refsource": "OSVDB",
"url": "http://osvdb.org/89532"
},
{
"name": "51965",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51965"
},
{
"name": "cisco-wlc-unauth-access(81490)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81490"
},
{
"name": "57524",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/57524"
},
{
"name": "20130123 Multiple Vulnerabilities in Cisco Wireless LAN Controllers",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130123-wlc"
},
{
"name": "1028027",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1028027"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2013-1105",
"datePublished": "2013-01-24T21:00:00",
"dateReserved": "2013-01-11T00:00:00",
"dateUpdated": "2024-08-06T14:49:20.726Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-1235
Vulnerability from cvelistv5
Published
2013-05-04 01:00
Modified
2024-09-17 02:58
Severity ?
EPSS score ?
Summary
Cisco Wireless LAN Controller (WLC) devices do not properly address the resource consumption of terminated TELNET sessions, which allows remote attackers to cause a denial of service (TELNET outage) by making many TELNET connections and improperly ending these connections, aka Bug ID CSCug35507.
References
| ▼ | URL | Tags |
|---|---|---|
| http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1235 | vendor-advisory, x_refsource_CISCO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:57:04.404Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20130503 Cisco Wireless Lan Controller Telnet Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1235"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cisco Wireless LAN Controller (WLC) devices do not properly address the resource consumption of terminated TELNET sessions, which allows remote attackers to cause a denial of service (TELNET outage) by making many TELNET connections and improperly ending these connections, aka Bug ID CSCug35507."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-05-04T01:00:00Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20130503 Cisco Wireless Lan Controller Telnet Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1235"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2013-1235",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco Wireless LAN Controller (WLC) devices do not properly address the resource consumption of terminated TELNET sessions, which allows remote attackers to cause a denial of service (TELNET outage) by making many TELNET connections and improperly ending these connections, aka Bug ID CSCug35507."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20130503 Cisco Wireless Lan Controller Telnet Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1235"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2013-1235",
"datePublished": "2013-05-04T01:00:00Z",
"dateReserved": "2013-01-11T00:00:00Z",
"dateUpdated": "2024-09-17T02:58:04.324Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-1102
Vulnerability from cvelistv5
Published
2013-01-24 21:00
Modified
2024-08-06 14:49
Severity ?
EPSS score ?
Summary
The Wireless Intrusion Prevention System (wIPS) component on Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.235.0, 7.1 and 7.2 before 7.2.110.0, and 7.3 before 7.3.101.0 allows remote attackers to cause a denial of service (device reload) via crafted IP packets, aka Bug ID CSCtx80743.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/51965 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/57524 | vdb-entry, x_refsource_BID | |
| http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130123-wlc | vendor-advisory, x_refsource_CISCO | |
| http://www.securitytracker.com/id/1028027 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:49:20.668Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "51965",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51965"
},
{
"name": "57524",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/57524"
},
{
"name": "20130123 Multiple Vulnerabilities in Cisco Wireless LAN Controllers",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130123-wlc"
},
{
"name": "1028027",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1028027"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-01-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Wireless Intrusion Prevention System (wIPS) component on Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.235.0, 7.1 and 7.2 before 7.2.110.0, and 7.3 before 7.3.101.0 allows remote attackers to cause a denial of service (device reload) via crafted IP packets, aka Bug ID CSCtx80743."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-02-02T10:00:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "51965",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51965"
},
{
"name": "57524",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/57524"
},
{
"name": "20130123 Multiple Vulnerabilities in Cisco Wireless LAN Controllers",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130123-wlc"
},
{
"name": "1028027",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1028027"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2013-1102",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Wireless Intrusion Prevention System (wIPS) component on Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.235.0, 7.1 and 7.2 before 7.2.110.0, and 7.3 before 7.3.101.0 allows remote attackers to cause a denial of service (device reload) via crafted IP packets, aka Bug ID CSCtx80743."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "51965",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51965"
},
{
"name": "57524",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/57524"
},
{
"name": "20130123 Multiple Vulnerabilities in Cisco Wireless LAN Controllers",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130123-wlc"
},
{
"name": "1028027",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1028027"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2013-1102",
"datePublished": "2013-01-24T21:00:00",
"dateReserved": "2013-01-11T00:00:00",
"dateUpdated": "2024-08-06T14:49:20.668Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-1104
Vulnerability from cvelistv5
Published
2013-01-24 21:00
Modified
2024-08-06 14:49
Severity ?
EPSS score ?
Summary
The HTTP Profiling functionality on Cisco Wireless LAN Controller (WLC) devices with software 7.3.101.0 allows remote authenticated users to execute arbitrary code via a crafted HTTP User-Agent header, aka Bug ID CSCuc15636.
References
| ▼ | URL | Tags |
|---|---|---|
| http://osvdb.org/89533 | vdb-entry, x_refsource_OSVDB | |
| http://secunia.com/advisories/51965 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/57524 | vdb-entry, x_refsource_BID | |
| http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130123-wlc | vendor-advisory, x_refsource_CISCO | |
| http://www.securitytracker.com/id/1028027 | vdb-entry, x_refsource_SECTRACK | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/81489 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:49:20.660Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "89533",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/89533"
},
{
"name": "51965",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51965"
},
{
"name": "57524",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/57524"
},
{
"name": "20130123 Multiple Vulnerabilities in Cisco Wireless LAN Controllers",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130123-wlc"
},
{
"name": "1028027",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1028027"
},
{
"name": "cisco-wlc-profiling-code-exec(81489)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81489"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-01-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The HTTP Profiling functionality on Cisco Wireless LAN Controller (WLC) devices with software 7.3.101.0 allows remote authenticated users to execute arbitrary code via a crafted HTTP User-Agent header, aka Bug ID CSCuc15636."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "89533",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/89533"
},
{
"name": "51965",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51965"
},
{
"name": "57524",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/57524"
},
{
"name": "20130123 Multiple Vulnerabilities in Cisco Wireless LAN Controllers",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130123-wlc"
},
{
"name": "1028027",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1028027"
},
{
"name": "cisco-wlc-profiling-code-exec(81489)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81489"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2013-1104",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The HTTP Profiling functionality on Cisco Wireless LAN Controller (WLC) devices with software 7.3.101.0 allows remote authenticated users to execute arbitrary code via a crafted HTTP User-Agent header, aka Bug ID CSCuc15636."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "89533",
"refsource": "OSVDB",
"url": "http://osvdb.org/89533"
},
{
"name": "51965",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51965"
},
{
"name": "57524",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/57524"
},
{
"name": "20130123 Multiple Vulnerabilities in Cisco Wireless LAN Controllers",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130123-wlc"
},
{
"name": "1028027",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1028027"
},
{
"name": "cisco-wlc-profiling-code-exec(81489)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81489"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2013-1104",
"datePublished": "2013-01-24T21:00:00",
"dateReserved": "2013-01-11T00:00:00",
"dateUpdated": "2024-08-06T14:49:20.660Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-1103
Vulnerability from cvelistv5
Published
2013-01-24 21:00
Modified
2024-08-06 14:49
Severity ?
EPSS score ?
Summary
Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.220.0, 7.1 before 7.1.91.0, and 7.2 before 7.2.103.0 allow remote attackers to cause a denial of service (Access Point reload) via crafted SIP packets, aka Bug ID CSCts87659.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/51965 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/57524 | vdb-entry, x_refsource_BID | |
| http://osvdb.org/89530 | vdb-entry, x_refsource_OSVDB | |
| http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130123-wlc | vendor-advisory, x_refsource_CISCO | |
| http://www.securitytracker.com/id/1028027 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:49:20.686Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "51965",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51965"
},
{
"name": "57524",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/57524"
},
{
"name": "89530",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/89530"
},
{
"name": "20130123 Multiple Vulnerabilities in Cisco Wireless LAN Controllers",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130123-wlc"
},
{
"name": "1028027",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1028027"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-01-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.220.0, 7.1 before 7.1.91.0, and 7.2 before 7.2.103.0 allow remote attackers to cause a denial of service (Access Point reload) via crafted SIP packets, aka Bug ID CSCts87659."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-02-02T10:00:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "51965",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51965"
},
{
"name": "57524",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/57524"
},
{
"name": "89530",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/89530"
},
{
"name": "20130123 Multiple Vulnerabilities in Cisco Wireless LAN Controllers",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130123-wlc"
},
{
"name": "1028027",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1028027"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2013-1103",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.220.0, 7.1 before 7.1.91.0, and 7.2 before 7.2.103.0 allow remote attackers to cause a denial of service (Access Point reload) via crafted SIP packets, aka Bug ID CSCts87659."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "51965",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51965"
},
{
"name": "57524",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/57524"
},
{
"name": "89530",
"refsource": "OSVDB",
"url": "http://osvdb.org/89530"
},
{
"name": "20130123 Multiple Vulnerabilities in Cisco Wireless LAN Controllers",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130123-wlc"
},
{
"name": "1028027",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1028027"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2013-1103",
"datePublished": "2013-01-24T21:00:00",
"dateReserved": "2013-01-11T00:00:00",
"dateUpdated": "2024-08-06T14:49:20.686Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-6007
Vulnerability from cvelistv5
Published
2012-12-19 11:00
Modified
2024-09-17 03:08
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in screens/base/web_auth_custom.html on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allows remote authenticated users to inject arbitrary web script or HTML via the headline parameter, aka Bug ID CSCud65187, a different vulnerability than CVE-2012-5992.
References
| ▼ | URL | Tags |
|---|---|---|
| http://infosec42.blogspot.dk/2012/12/cisco-wlc-csrf-dos-and-persistent-xss.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:21:28.505Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://infosec42.blogspot.dk/2012/12/cisco-wlc-csrf-dos-and-persistent-xss.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in screens/base/web_auth_custom.html on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allows remote authenticated users to inject arbitrary web script or HTML via the headline parameter, aka Bug ID CSCud65187, a different vulnerability than CVE-2012-5992."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-12-19T11:00:00Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://infosec42.blogspot.dk/2012/12/cisco-wlc-csrf-dos-and-persistent-xss.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2012-6007",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in screens/base/web_auth_custom.html on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allows remote authenticated users to inject arbitrary web script or HTML via the headline parameter, aka Bug ID CSCud65187, a different vulnerability than CVE-2012-5992."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://infosec42.blogspot.dk/2012/12/cisco-wlc-csrf-dos-and-persistent-xss.html",
"refsource": "MISC",
"url": "http://infosec42.blogspot.dk/2012/12/cisco-wlc-csrf-dos-and-persistent-xss.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2012-6007",
"datePublished": "2012-12-19T11:00:00Z",
"dateReserved": "2012-11-21T00:00:00Z",
"dateUpdated": "2024-09-17T03:08:23.539Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}