- Detalji os-a: WN7
- Važnost: IMP
- Operativni sustavi: L
- Kategorije: CIS
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1
Cisco Security Advisory: Cisco IOS XE Software for Cisco 5760 WLC, Cisco Catalyst 4500E Supervisor Engine 8-E, and Cisco NGWC 3850 GUI Privilege Escalation Vulnerability
Advisory ID: cisco-sa-20170927-ngwc
Revision: 1.0
For Public Release: 2017 September 27 16:00 GMT
Last Updated: 2017 September 27 16:00 GMT
CVE ID(s): CVE-2017-12226
CVSS Score v(3): 8.8 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+———————————————————————
Summary
=======
A vulnerability in the web-based Wireless Controller GUI of Cisco IOS XE Software for Cisco 5760 Wireless LAN Controllers, Cisco Catalyst 4500E Supervisor Engine 8-E (Wireless) Switches, and Cisco New Generation Wireless Controllers (NGWC) 3850 could allow an authenticated, remote attacker to elevate their privileges on an affected device.
The vulnerability is due to incomplete input validation of HTTP requests by the affected GUI, if the GUI connection state or protocol changes. An attacker could exploit this vulnerability by authenticating to the Wireless Controller GUI as a Lobby Administrator user of an affected device and subsequently changing the state or protocol for their connection to the GUI. A successful exploit could allow the attacker to elevate their privilege level to administrator and gain full control of the affected device.
Cisco has not released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-ngwc [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-ngwc”]
—–BEGIN PGP SIGNATURE—–
iQKBBAEBAgBrBQJZy813ZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg
SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx
NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHlIeg/8C0tLPtq/afJfN7KY
ugzFlkFhahPT+k03GBkD0uufIQxCb8cVsDJ+9hIQYI9ST+KrIEUu3NePvY01dQbZ
ehm/GKhKaKC6YHHdW20SwUlRddQNuVdGssL0SIfT0dQ56dYbVo8w2UFZLB2oZia0
X1+VEeQ9GPQAuVeCsgX+Sj1dufqRgADzGWg4SVuKZcYTLL1ZEBs2vVVb80N3Cbfv
L55w3PqsZMlOI0jzpipdOx5sPGbWXxBz4fjBa8RWzJh20Ctim2XCjOjtXfI2TJZK
Cs68sxObqD/wPTf1tv8eG8mPO7zUGqeyLnLyOqfDINIOnuaVd2fFm0gkiP8NAADy
FoHdSbB/7FWcikwvGfAqU5MoRKwDbJGGiC8szLYgVp3bmsNlVoDlw6OQRn9Q+z1V
kZjetDenyavZ+kgtyNKzQcFMPBotjlb+lfijWCf7c/hklAyjeqD1YoVeNEe7Vnn4
cftL/J+gDJdxrLFHC4dsH5WljOL2jKdNcpIWw14wVdvTL++VpQbWEOV0MCHFJ5iN
1VEY0p+kWQWPkgaNl0W6wo72ODzzsufiB9v2zOEPl45yGsNqWdxI9GuBWHXT5/2x
LMc/xsmJ8pjiJXgPFElECkdhMFun5X9sYG4DEUMEDxsc/tsYcANoE2SCllC4zhlz
r1c5TA2BwvAu9uW0zPv6fhlWvj4=
=/PIf
—–END PGP SIGNATURE—–
_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com
| Autor | Vlatka Misic |
| Cert id | NCERT-REF-2017-09-0084-ADV |
| Cve | CERT-CVE-DUMMY |
| ID izvornika | CERT-ORIGID-DUMMY |
| Proizvod | CERT-DUMMY-PRODUCT |
| Izvor | http://www.adobe.com/ |
