mailing list archives
Cisco Wireless Control System XSS
From: "Tom Neaves" <tom () tomneaves com>
Date: Wed, 04 Aug 2010 20:36:21 +0100 (BST)
Product Name: Cisco Wireless Control System
Date: 4 August, 2010
Author: tom () tomneaves com <tom () tomneaves com>
Original URL: http://www.tomneaves.com/Cisco_Wireless_Control_System_XSS.txt
Discovered: 8 July, 2010
Disclosed: 4 August, 2010
The Cisco Wireless Control System (WCS) is a web interface that allows centralised management
and reporting within a Cisco wireless infrastructure.
A Cross-site Scripting (XSS) vulnerability exists within the search function on the
Cisco Wireless Control System (WCS) web interface due to insufficient input validation.
This enables attackers to prepare links for a website that includes code that is executed
by the browser visiting this website.
The affected script is "/webacs/QuickSearchAction.do", namely the "searchText" parameter.
Although not tested due to limitations, it is likely that all other parameters related to
this script will also be affected by this issue.
Affected Versions: All versions of Cisco WCS up to and including 18.104.22.168. Some versions of
7.0 *may* be affected. Interim versions 7.0(118.0) and 6.0(194.0) are not vulnerable.
III. VENDOR RESPONSE
8 July, 2010 - Contacted vendor.
8 July, 2010 - Vendor acknowledged and confirmed vulnerability - will include in maintenance patch.
4 August, 2010 - Vendor releases maintenance patch (Cisco Bug ID = CSCtf14288).
4 August, 2010 - Vulnerability publicly disclosed.
Discovered by Tom Neaves (Verizon Business)
- Cisco Wireless Control System XSS Tom Neaves (Aug 05)