CVE-2006-5741

Name of the Vulnerable Software and Affected Versions: AirMagnet Enterprise versions prior to 7.5 build 6307

Description: The issue allows remote attackers to inject arbitrary web script or HTML via multiple vectors, including the 404 error page of the Smart Sensor Edge Sensor, the user name for a failed logon displayed in the audit journals reviewing interface at "/AirMagnetSensor/AMSensor.dll/XH" by the Smart Sensor Edge Sensor log viewer, and an SSID of an AP displayed on an ACL page at "/Amom/Amom.dll/BD" of the Enterprise Server Status Overview in the Enterprise Server Web interface.

Recommendations: For versions prior to 7.5 build 6307, update to version 7.5 build 6307 or later to resolve the issue. As a temporary workaround, consider restricting access to the affected API endpoints, such as "/AirMagnetSensor/AMSensor.dll/XH" and "/Amom/Amom.dll/BD", until a patch is applied. Avoid using user-supplied input for the user name and SSID variables in the affected interfaces until the issue is resolved.