Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Cisco Prime Network Control System Health Monitor Reflected XSS

Apologies for the n00b question,


I am a security manager not a Cisco guru so please bear with me


Our Nessus scanner has picked this vulnerability up


Nessus states that there is no fix


Looking on Cisco's bug search the status is set to fixed,


I found this article on Cisco's website


Multiple Vulnerabilities in the WLSE Appliance - Cisco 2011-12-10



There are two vulnerabilities that exist in the CiscoWorks Wireless LAN Solution Engine (WLSE). The first is a cross site scripting (XSS) vulnerability that may allow an attacker to gain administrative privileges on the system. The second is a local privilege escalation vulnerability that can be used by an attacker who already has authenticated access to the command line interface to obtain access to the underlying operating system. Cisco has made free software available to address this vulnerability for affected customers. This advisory is available at


Is WLSE part of WCS or am I grasping at straws here? Our techies don't seem to think so


We are currently running CISCO Wireless Controller System (WCS) running on Version which is end of life


Is there an upgrade path for newer software?


Has anyone else encountered this issue

  • Security and Network Management
Everyone's tags (2)