-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Cisco IOS XE Software for Cisco 5760 WLC, Cisco Catalyst 4500E Supervisor Engine 8-E, and Cisco NGWC 3850 GUI Privilege Escalation Vulnerability
Advisory ID: cisco-sa-20170927-ngwc
Revision: 1.0
For Public Release: 2017 September 27 16:00 GMT
Last Updated: 2017 September 27 16:00 GMT
CVE ID(s): CVE-2017-12226
CVSS Score v(3): 8.8 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+---------------------------------------------------------------------
Summary
=======
A vulnerability in the web-based Wireless Controller GUI of Cisco IOS XE Software for Cisco 5760 Wireless LAN Controllers, Cisco Catalyst 4500E Supervisor Engine 8-E (Wireless) Switches, and Cisco New Generation Wireless Controllers (NGWC) 3850 could allow an authenticated, remote attacker to elevate their privileges on an affected device.
The vulnerability is due to incomplete input validation of HTTP requests by the affected GUI, if the GUI connection state or protocol changes. An attacker could exploit this vulnerability by authenticating to the Wireless Controller GUI as a Lobby Administrator user of an affected device and subsequently changing the state or protocol for their connection to the GUI. A successful exploit could allow the attacker to elevate their privilege level to administrator and gain full control of the affected device.
Cisco has not released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-ngwc
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com