Cisco WLC Web-Based Management Interface XSS Vulnerability (CSCuf77810)

medium Nessus Plugin ID 72460

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

A vulnerability in the web-based management interface of the Cisco Wireless LAN Controller (WLC) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected system.

The vulnerability is due to insufficient input validation of a user-supplied value. An attacker could exploit this vulnerability by convincing a user to click a crafted URL.

Solution

Apply the relevant patch referenced in Cisco Bug Id CSCuf77810.

See Also

http://www.nessus.org/u?e97b7c0f

Plugin Details

Severity: Medium

ID: 72460

File Name: cisco-sn-CSCuf77810-wlc.nasl

Version: 1.9

Type: combined

Family: CISCO

Published: 2/12/2014

Updated: 8/20/2020

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.0

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.2

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: cpe:/h:cisco:wireless_lan_controller, cpe:/o:cisco:wireless_lan_controller_software

Required KB Items: Host/Cisco/WLC/Version, Host/Cisco/WLC/Port

Exploit Ease: No known exploits are available

Patch Publication Date: 10/2/2013

Vulnerability Publication Date: 10/2/2013

Reference Information

CVE: CVE-2013-5519

BID: 62787

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990

CISCO-BUG-ID: CSCuf77810