Juniper Networks

Signature Detail

Short Name: HTTP:CISCO:CONTROLLER-CSRF

Severity: High

Recommended: Yes

Recommended Action: Drop

Category: HTTP

Keywords: Cisco Wireless Lan Controller 7.2.110.0 CSRF

Release Date: 2013/03/21

Update Number: 2247

Supported Platforms: di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Cisco Wireless Lan Controller 7.2.110.0 CSRF


This signature detects attempts to exploit a known vulnerability in Cisco Wireless LAN Controller 7.2.110.0. A successful attack can lead to cross-site request forgery and unauthorized session hijacking.

Extended Description

Multiple cross-site request forgery (CSRF) vulnerabilities on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrative accounts via screens/aaa/mgmtuser_create.html or (2) insert XSS sequences via the headline parameter to screens/base/web_auth_custom.html, aka Bug ID CSCud50283.

Affected Products

  • cisco 2000_wireless_lan_controller
  • cisco 2100_wireless_lan_controller
  • cisco 2500_wireless_lan_controller -
  • cisco 4100_wireless_lan_controller
  • cisco 4400_wireless_lan_controller
  • cisco 5500_wireless_lan_controller -
  • cisco 7500_wireless_lan_controller -
  • cisco 8500_wireless_lan_controller -
  • cisco wireless_lan_controller_software 7.2.110.0

References

  • CVE: CVE-2012-5992

Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.