Message-Id: <1280950421.9414@tomneaves.com>
Date: Wed, 04 Aug 2010 20:33:41 +0100 (BST)
From: "Tom Neaves" <tom@...neaves.com>
To: bugtraq@...urityfocus.com; full-disclosure@...ts.grok.org.uk
Subject: Cisco Wireless Control System XSS

Product Name: Cisco Wireless Control System
Vendor: http://www.cisco.com
Date: 4 August, 2010
Author: tom@...neaves.com <tom@...neaves.com>
Original URL: http://www.tomneaves.com/Cisco_Wireless_Control_System_XSS.txt
Discovered: 8 July, 2010
Disclosed: 4 August, 2010

I. DESCRIPTION

The Cisco Wireless Control System (WCS) is a web interface that allows centralised management
and reporting within a Cisco wireless infrastructure.

II. DETAILS

A Cross-site Scripting (XSS) vulnerability exists within the search function on the
Cisco Wireless Control System (WCS) web interface due to insufficient input validation.
This enables attackers to craft links to the web interface that include code, which is
then executed by the browser of the user who visits the link.

---

The affected script is "/webacs/QuickSearchAction.do", namely the "searchText" parameter.
Although not tested due to limitations, it is likely that all other parameters related to
this script will also be affected by this issue.
---

Affected Versions: All versions of Cisco WCS up to and including 6.0.181.0.  Some versions of
7.0 *may* be affected.  Interim versions 7.0(118.0) and 6.0(194.0) are not vulnerable.

III. VENDOR RESPONSE

8 July, 2010 - Contacted vendor.
8 July, 2010 - Vendor acknowledged and confirmed vulnerability - will include in maintenance patch.
4 August, 2010 - Vendor releases maintenance patch (Cisco Bug ID = CSCtf14288).
4 August, 2010 - Vulnerability publicly disclosed.

IV. CREDIT

Discovered by Tom Neaves (Verizon Business)
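
An added example, not part of the original advisory: a log check a defender can run over
web access logs to find requests to the affected script whose parameters carry markup.
The log lines are constructed, and the parameter name "exampleParam" is hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

AFFECTED_PATH = "/webacs/QuickSearchAction.do"  # script named in the advisory
# Heuristic: markup characters a plain search term does not need.
SUSPICIOUS = re.compile(r'[<>"]|javascript:', re.IGNORECASE)
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample access-log lines (not taken from a real system).
SAMPLE_LOG = [
    '10.0.0.5 - - [04/Aug/2010:10:00:01 +0100] "GET /webacs/QuickSearchAction.do?searchText=ap-floor2 HTTP/1.1" 200 5120',
    '10.0.0.9 - - [04/Aug/2010:10:02:13 +0100] "GET /webacs/QuickSearchAction.do?searchText=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 5233',
    '10.0.0.9 - - [04/Aug/2010:10:02:40 +0100] "GET /webacs/QuickSearchAction.do?searchText=%253Cimg%2520src%253Dx%253E HTTP/1.1" 200 5201',
    '10.0.0.7 - - [04/Aug/2010:10:03:02 +0100] "GET /index.html?q=%3Cb%3E HTTP/1.1" 200 812',
    '10.0.0.9 - - [04/Aug/2010:10:04:55 +0100] "GET /webacs/QuickSearchAction.do?searchText=ap1&exampleParam=%22%3E%3Cb%3E HTTP/1.1" 200 5190',
]

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding (e.g. %253C -> %3C -> <)."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def flag_requests(log_lines):
    """Return (line_no, parameter, decoded_value) for suspicious requests."""
    hits = []
    for line_no, line in enumerate(log_lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if url.path.lower() != AFFECTED_PATH.lower():
            continue
        # The advisory expects other parameters to be affected too, so check all.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            decoded = fully_decode(value)
            if SUSPICIOUS.search(decoded):
                hits.append((line_no, name, decoded))
    return hits

if __name__ == "__main__":
    for hit in flag_requests(SAMPLE_LOG):
        print(hit)
```

Only the query string is inspected, so parameters sent in a POST body need the
application or proxy to log request bodies before this check can see them.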
