PT-2023-29783 · Ruckus · Ruckus Cloudpath

Harry935 · Published: 2023-10-19 · Updated: 2024-01-12 · CVE-2023-45992

CVSS v3.1: 9.6 (Critical)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: RUCKUS Cloudpath version 5.12 build 5538 or before

Description: A vulnerability in the web-based interface of the RUCKUS Cloudpath product could allow a remote, unauthenticated attacker to carry out persistent (stored) XSS and CSRF attacks against a user of the admin management interface. A successful attack, combined with a certain admin activity, could allow the attacker to gain full admin privileges on the exploited system. The vulnerability is triggered by a crafted script submitted in the macaddress parameter of the onboarding portal.

Recommendations: For RUCKUS Cloudpath version 5.12 build 5538 or before, consider disabling the onboarding portal or restricting access to the macaddress parameter until a patch is available. As a temporary workaround, avoid using the macaddress parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
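As an added illustration that is not part of this advisory or of Ruckus's code, the following Python shows the defensive handling the recommendation implies: a strict allowlist for the macaddress parameter, HTML-escaping of anything echoed back to the admin interface, and a sweep over constructed sample access-log lines (hypothetical common log format, hypothetical onboarding path /enroll/) that flags requests whose macaddress value is not a MAC address.

```python
import html
import re
from typing import List, Optional, Tuple
from urllib.parse import parse_qs, urlsplit

# Allowlist for macaddress: six hex octets separated by ':' or '-', or twelve
# bare hex digits. Anything else (including markup) is rejected outright.
MAC_RE = re.compile(r"^(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}$|^[0-9A-Fa-f]{12}$")


def normalize_mac(value: str) -> Optional[str]:
    """Return the MAC in canonical aa:bb:cc:dd:ee:ff form, or None if invalid."""
    if not MAC_RE.match(value):
        return None
    digits = re.sub(r"[:-]", "", value).lower()
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def render_mac_cell(value: str) -> str:
    """Render a submitted macaddress for an admin page. Validation comes first;
    a rejected value is HTML-escaped so it can never be interpreted as markup."""
    mac = normalize_mac(value)
    if mac is None:
        return '<td class="invalid">' + html.escape(value, quote=True) + "</td>"
    return "<td>" + mac + "</td>"


# Constructed sample access-log lines (not taken from the advisory).
SAMPLE_LOG = """\
10.0.0.5 - - [19/Oct/2023:10:01:02 +0000] "GET /enroll/?macaddress=00-1A-2B-3C-4D-5E HTTP/1.1" 200 512
10.0.0.7 - - [19/Oct/2023:10:01:09 +0000] "GET /enroll/?macaddress=%3Ci%3Enot-a-mac%3C%2Fi%3E HTTP/1.1" 200 512
10.0.0.9 - - [19/Oct/2023:10:02:30 +0000] "GET /enroll/?macaddress=001a2b3c4d5f HTTP/1.1" 200 512
"""

LOG_RE = re.compile(r'(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+)')


def suspicious_mac_requests(log_text: str) -> List[Tuple[str, str]]:
    """Return (client_ip, decoded value) for every request whose macaddress
    parameter fails the allowlist; these are the requests worth reviewing."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        query = parse_qs(urlsplit(m.group(2)).query)  # percent-decodes values
        for raw in query.get("macaddress", []):
            if normalize_mac(raw) is None:
                hits.append((m.group(1), raw))
    return hits
```

The same allowlist applied at the onboarding endpoint is the input-side control; the log sweep is the detection-side counterpart for systems still on an affected build.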

Tags: Exploit, CSRF, XSS

Related Identifiers: CVE-2023-45992

Affected Products: Ruckus Cloudpath