Vulnerability-Lookup - Search a vulnerability

Search criteria

Vendor

Product

Assigner

Sources

Sort by

Order

FKIE_CVE-2012-6029

Vulnerability from fkie_nvd - Published: 2013-01-31 12:06 - Updated: 2025-04-11 00:51

Severity ?

Summary

Multiple cross-site scripting (XSS) vulnerabilities in the web-authentication function on the Cisco NAC Appliance 4.9.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) cm or (2) uri parameters to (a) perfigo_weblogin.jsp, or the (3) cm, (4) provider, (5) session, (6) uri, (7) userip, or (8) username parameters to (b) perfigo_cm_validate.jsp, aka Bug ID CSCud15109.

References

URL	Tags
psirt@cisco.com	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-6029	Vendor Advisory
psirt@cisco.com	http://www.secureworks.com/cyber-threat-intelligence/advisories/SWRX-2013-001/
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-6029	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.secureworks.com/cyber-threat-intelligence/advisories/SWRX-2013-001/

Impacted products

Vendor	Product	Version
cisco	nac_appliance	*
cisco	nac_appliance	-
cisco	nac_appliance	3.6
cisco	nac_appliance	4.0
cisco	nac_appliance	4.1
cisco	nac_appliance	4.5
cisco	nac_appliance	4.6
cisco	nac_appliance	4.7
cisco	nac_appliance	4.7.1
cisco	nac_appliance	4.7.2
cisco	nac_appliance	4.8

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:nac_appliance:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B33B0326-450D-4A0D-921C-882648C0D909",
              "versionEndIncluding": "4.9.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:nac_appliance:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A22731E5-02B7-481A-925D-DF0B6A1CCA68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:nac_appliance:3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B0688C2-582A-49DE-917E-C74124F4ADD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:nac_appliance:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "11D5E336-EA9B-449E-B9B9-EA7F5901545D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:nac_appliance:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EE45899-8EA3-411F-82ED-C731498AAD65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:nac_appliance:4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8953EA9-0F23-403A-974C-61EA0339C42B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:nac_appliance:4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "21BC1BB3-BB3B-455B-A266-827294717B70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:nac_appliance:4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA925FCD-C2DB-451E-8C03-958C3A40B342",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:nac_appliance:4.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "04A81F45-7C52-48A6-8DF7-13286741DBE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:nac_appliance:4.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B764128-14BA-41A3-BE45-CB3D7D39DE5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:nac_appliance:4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "21EAE487-8FC8-4518-A260-DE6DB2E217C7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in the web-authentication function on the Cisco NAC Appliance 4.9.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) cm or (2) uri parameters to (a) perfigo_weblogin.jsp, or the (3) cm, (4) provider, (5) session, (6) uri, (7) userip, or (8) username parameters to (b) perfigo_cm_validate.jsp, aka Bug ID CSCud15109."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en la funci\u00f3n de autenticaci\u00f3n web de Cisco NAC Appliance v4.9.2 y anteriores que permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de (1) cm o (2) par\u00e1metros uri a (a) perfigo_weblogin.jsp, o el (3) cm, (4) provider, (5) session, (6) uri, (7) userip, o (8) par\u00e1metros username a (b) perfigo_cm_validate.jsp, tambi\u00e9n como Bug ID CSCud15109."
    }
  ],
  "id": "CVE-2012-6029",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2013-01-31T12:06:18.283",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-6029"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.secureworks.com/cyber-threat-intelligence/advisories/SWRX-2013-001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-6029"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.secureworks.com/cyber-threat-intelligence/advisories/SWRX-2013-001/"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2012-6029 (GCVE-0-2012-6029)

Vulnerability from cvelistv5 – Published: 2013-01-31 11:00 – Updated: 2024-08-06 21:21

Summary

Multiple cross-site scripting (XSS) vulnerabilities in the web-authentication function on the Cisco NAC Appliance 4.9.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) cm or (2) uri parameters to (a) perfigo_weblogin.jsp, or the (3) cm, (4) provider, (5) session, (6) uri, (7) userip, or (8) username parameters to (b) perfigo_cm_validate.jsp, aka Bug ID CSCud15109.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

cisco

References

URL

Tags

	http://www.secureworks.com/cyber-threat-intellige…	x_refsource_MISC
	http://tools.cisco.com/security/center/content/Ci…	vendor-advisoryx_refsource_CISCO

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T21:21:28.345Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.secureworks.com/cyber-threat-intelligence/advisories/SWRX-2013-001/"
          },
          {
            "name": "20130130 Cisco NAC Appliance Cross-Site Scripting Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-6029"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-01-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in the web-authentication function on the Cisco NAC Appliance 4.9.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) cm or (2) uri parameters to (a) perfigo_weblogin.jsp, or the (3) cm, (4) provider, (5) session, (6) uri, (7) userip, or (8) username parameters to (b) perfigo_cm_validate.jsp, aka Bug ID CSCud15109."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-02-02T10:00:00",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.secureworks.com/cyber-threat-intelligence/advisories/SWRX-2013-001/"
        },
        {
          "name": "20130130 Cisco NAC Appliance Cross-Site Scripting Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-6029"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2012-6029",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in the web-authentication function on the Cisco NAC Appliance 4.9.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) cm or (2) uri parameters to (a) perfigo_weblogin.jsp, or the (3) cm, (4) provider, (5) session, (6) uri, (7) userip, or (8) username parameters to (b) perfigo_cm_validate.jsp, aka Bug ID CSCud15109."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.secureworks.com/cyber-threat-intelligence/advisories/SWRX-2013-001/",
              "refsource": "MISC",
              "url": "http://www.secureworks.com/cyber-threat-intelligence/advisories/SWRX-2013-001/"
            },
            {
              "name": "20130130 Cisco NAC Appliance Cross-Site Scripting Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-6029"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2012-6029",
    "datePublished": "2013-01-31T11:00:00",
    "dateReserved": "2012-11-21T00:00:00",
    "dateUpdated": "2024-08-06T21:21:28.345Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-6029 (GCVE-0-2012-6029)

Vulnerability from nvd – Published: 2013-01-31 11:00 – Updated: 2024-08-06 21:21

Summary

Multiple cross-site scripting (XSS) vulnerabilities in the web-authentication function on the Cisco NAC Appliance 4.9.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) cm or (2) uri parameters to (a) perfigo_weblogin.jsp, or the (3) cm, (4) provider, (5) session, (6) uri, (7) userip, or (8) username parameters to (b) perfigo_cm_validate.jsp, aka Bug ID CSCud15109.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

cisco

References

URL

Tags

	http://www.secureworks.com/cyber-threat-intellige…	x_refsource_MISC
	http://tools.cisco.com/security/center/content/Ci…	vendor-advisoryx_refsource_CISCO

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T21:21:28.345Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.secureworks.com/cyber-threat-intelligence/advisories/SWRX-2013-001/"
          },
          {
            "name": "20130130 Cisco NAC Appliance Cross-Site Scripting Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-6029"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-01-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in the web-authentication function on the Cisco NAC Appliance 4.9.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) cm or (2) uri parameters to (a) perfigo_weblogin.jsp, or the (3) cm, (4) provider, (5) session, (6) uri, (7) userip, or (8) username parameters to (b) perfigo_cm_validate.jsp, aka Bug ID CSCud15109."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-02-02T10:00:00",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.secureworks.com/cyber-threat-intelligence/advisories/SWRX-2013-001/"
        },
        {
          "name": "20130130 Cisco NAC Appliance Cross-Site Scripting Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-6029"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2012-6029",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in the web-authentication function on the Cisco NAC Appliance 4.9.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) cm or (2) uri parameters to (a) perfigo_weblogin.jsp, or the (3) cm, (4) provider, (5) session, (6) uri, (7) userip, or (8) username parameters to (b) perfigo_cm_validate.jsp, aka Bug ID CSCud15109."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.secureworks.com/cyber-threat-intelligence/advisories/SWRX-2013-001/",
              "refsource": "MISC",
              "url": "http://www.secureworks.com/cyber-threat-intelligence/advisories/SWRX-2013-001/"
            },
            {
              "name": "20130130 Cisco NAC Appliance Cross-Site Scripting Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-6029"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2012-6029",
    "datePublished": "2013-01-31T11:00:00",
    "dateReserved": "2012-11-21T00:00:00",
    "dateUpdated": "2024-08-06T21:21:28.345Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Search criteria

3 vulnerabilities found for nac_appliance by cisco

FKIE_CVE-2012-6029

CVE-2012-6029 (GCVE-0-2012-6029)

CVE-2012-6029 (GCVE-0-2012-6029)