PT-2012-6219 · Cisco · Cisco Wireless Lan Controller (and one other product)

Published: 2012-12-13 · Updated: 2013-01-30 · CVE-2012-5992

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: Cisco Wireless LAN Controller (WLC) version 7.2.110.0
Description: The issue is a cross-site request forgery (CSRF) vulnerability. An unauthenticated, remote attacker could exploit it by convincing a targeted user to follow a malicious link, potentially gaining unauthorized access to the affected application. The vulnerability is due to insufficient sanitization of user-supplied input processed by the WLC management web interface.

API Endpoints:
/screens/aaa/mgmtuser create.html
/screens/base/web auth custom.html

Vulnerable Parameters or Variables: headline
Recommendations: For version 7.2.110.0, consider restricting access to the WLC management web interface until a patch is available. As a temporary workaround, avoid using the headline parameter on the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit: CSRF

Weakness Enumeration

Related Identifiers

CVE-2012-5992

Affected Products

Cisco Wireless Lan Controller
Cisco Wls