CVE-2012-5991

Published: Dec 19, 2012Modified: Apr 29, 2026

6.3

Vector

AV:N/AC:M/Au:S/C:N/I:N/A:C

Exploitability: 6.8 / Impact: 6.9

Source: NVD

Description

screens/base/web_auth_custom.html on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allows remote authenticated users to cause a denial of service (device reload) via a certain buttonClicked value in an internal webauth_type request, aka Bug ID CSCud50209.

Affected (9)

Products: Cisco: Wireless Lan Controller Software, 2000 Wireless Lan Controller, 2100 Wireless Lan Controller, 2500 Wireless Lan Controller, 4100 Wireless Lan Controller, 4400 Wireless Lan Controller, 5500 Wireless Lan Controller, 7500 Wireless Lan Controller, 8500 Wireless Lan Controller

Cisco

9 products

Wireless Lan Controller Software

2000 Wireless Lan Controller

2100 Wireless Lan Controller

2500 Wireless Lan Controller

4100 Wireless Lan Controller

4400 Wireless Lan Controller

5500 Wireless Lan Controller

7500 Wireless Lan Controller

8500 Wireless Lan Controller

Configuration A

9 vulnerable

Vulnerable Software	Affected Versions
Cisco Wireless Lan Controller Software	Version 7.2.110.0
Cisco 2000 Wireless Lan Controller	All versions
Cisco 2100 Wireless Lan Controller	All versions
Cisco 2500 Wireless Lan Controller	All versions
Cisco 4100 Wireless Lan Controller	All versions
Cisco 4400 Wireless Lan Controller	All versions
Cisco 5500 Wireless Lan Controller	All versions
Cisco 7500 Wireless Lan Controller	All versions
Cisco 8500 Wireless Lan Controller	All versions

References (2)

http://infosec42.blogspot.dk/2012/12/cisco-wlc-csrf-dos-and-persistent-xss.html

Source: psirt@cisco.com

Exploit

http://infosec42.blogspot.dk/2012/12/cisco-wlc-csrf-dos-and-persistent-xss.html

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

Timeline

No history available yet.