Cisco Prime Network Control System Health Monitor Reflected XSS

anthonycaddick · ‎10-28-2014

Apologies for the n00b question,

I am a security manager not a Cisco guru so please bear with me

Our Nessus scanner has picked this vulnerability up

Nessus states that there is no fix

Looking on Cisco's bug search the status is set to fixed,

I found this article on Cisco's website

Multiple Vulnerabilities in the WLSE Appliance - Cisco 2011-12-10
		There are two vulnerabilities that exist in the CiscoWorks Wireless LAN Solution Engine (WLSE). The first is a cross site scripting (XSS) vulnerability that may allow an attacker to gain administrative privileges on the system. The second is a local privilege escalation vulnerability that can be used by an attacker who already has authenticated access to the command line interface to obtain access to the underlying operating system. Cisco has made free software available to address this vulnerability for affected customers. This advisory is available at http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20060419-wlse

Is WLSE part of WCS or am I grasping at straws here? Our techies don't seem to think so

We are currently running CISCO Wireless Controller System (WCS) running on Version 7.0.240.0 which is end of life

Is there an upgrade path for newer software?

Has anyone else encountered this issue