Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Cisco Prime Network Control System Health Monitor Reflected XSS

Apologies for the n00b question,

 

I am a security manager not a Cisco guru so please bear with me

 

Our Nessus scanner has picked this vulnerability up

 

Nessus states that there is no fix

 

Looking on Cisco's bug search the status is set to fixed, 

 

https://tools.cisco.com/bugsearch/bug/CSCud18375

 

I found this article on Cisco's website

 

Multiple Vulnerabilities in the WLSE Appliance - Cisco 2011-12-10

 

  

There are two vulnerabilities that exist in the CiscoWorks Wireless LAN Solution Engine (WLSE). The first is a cross site scripting (XSS) vulnerability that may allow an attacker to gain administrative privileges on the system. The second is a local privilege escalation vulnerability that can be used by an attacker who already has authenticated access to the command line interface to obtain access to the underlying operating system. Cisco has made free software available to address this vulnerability for affected customers. This advisory is available at http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20060419-wlse

 

Is WLSE part of WCS or am I grasping at straws here? Our techies don't seem to think so

 

We are currently running CISCO Wireless Controller System (WCS) running on Version 7.0.240.0 which is end of life

 

Is there an upgrade path for newer software?

 

Has anyone else encountered this issue

 

http://www.kb.cert.org/vuls/id/830316

  • Security and Network Management
Everyone's tags (2)
77
Views
0
Helpful
0
Replies