Summary
| Detail | |||
|---|---|---|---|
| Vendor | Cisco | First view | 2012-12-19 |
| Product | 7500 Wireless Lan Controller | Last view | 2013-05-03 |
| Version | Type | ||
| Update | |||
| Edition | |||
| Language | |||
| Sofware Edition | |||
| Target Software | |||
| Target Hardware | |||
| Other | |||
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
| CPE Name | Affected CVE |
|---|---|
| cpe:2.3:h:cisco:7500_wireless_lan_controller:-:*:*:*:*:*:*:* | 8 |
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 5 | 2013-05-03 | CVE-2013-1235 | Cisco Wireless LAN Controller (WLC) devices do not properly address the resource consumption of terminated TELNET sessions, which allows remote attackers to cause a denial of service (TELNET outage) by making many TELNET connections and improperly ending these connections, aka Bug ID CSCug35507. |
| 9 | 2013-01-24 | CVE-2013-1105 | Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.235.3, 7.1 and 7.2 before 7.2.111.3, and 7.3 before 7.3.101.0 allow remote authenticated users to bypass wireless-management settings and read or modify the device configuration via an SNMP request, aka Bug ID CSCua60653. |
| 9 | 2013-01-24 | CVE-2013-1104 | The HTTP Profiling functionality on Cisco Wireless LAN Controller (WLC) devices with software 7.3.101.0 allows remote authenticated users to execute arbitrary code via a crafted HTTP User-Agent header, aka Bug ID CSCuc15636. |
| 7.8 | 2013-01-24 | CVE-2013-1103 | Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.220.0, 7.1 before 7.1.91.0, and 7.2 before 7.2.103.0 allow remote attackers to cause a denial of service (Access Point reload) via crafted SIP packets, aka Bug ID CSCts87659. |
| 7.8 | 2013-01-24 | CVE-2013-1102 | The Wireless Intrusion Prevention System (wIPS) component on Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.235.0, 7.1 and 7.2 before 7.2.110.0, and 7.3 before 7.3.101.0 allows remote attackers to cause a denial of service (device reload) via crafted IP packets, aka Bug ID CSCtx80743. |
| 4.3 | 2012-12-19 | CVE-2012-6007 | Cross-site scripting (XSS) vulnerability in screens/base/web_auth_custom.html on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allows remote authenticated users to inject arbitrary web script or HTML via the headline parameter, aka Bug ID CSCud65187, a different vulnerability than CVE-2012-5992. |
| 6.8 | 2012-12-19 | CVE-2012-5992 | Multiple cross-site request forgery (CSRF) vulnerabilities on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrative accounts via screens/aaa/mgmtuser_create.html or (2) insert XSS sequences via the headline parameter to screens/base/web_auth_custom.html, aka Bug ID CSCud50283. |
| 6.3 | 2012-12-19 | CVE-2012-5991 | screens/base/web_auth_custom.html on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allows remote authenticated users to cause a denial of service (device reload) via a certain buttonClicked value in an internal webauth_type request, aka Bug ID CSCud50209. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 33% (1) | CWE-352 | Cross-Site Request Forgery (CSRF) |
| 33% (1) | CWE-264 | Permissions, Privileges, and Access Controls |
| 33% (1) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
ExploitDB Exploits
| id | Description |
|---|---|
| 23361 | Cisco Wireless Lan Controller 7.2.110.0 Multiple Vulnerabilities |
Information Assurance Vulnerability Management (IAVM)
| id | Description |
|---|---|
| 2013-A-0022 | Multiple Security Vulnerabilities in Cisco Wireless LAN Controller Severity: Category I - VMSKEY: V0036642 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2013-09-25 | Name: The remote device is missing a vendor-supplied security update. File: cisco-sa-20130123-wlc.nasl - Type: ACT_GATHER_INFO |
