Release date:
Updated on: 2013-02-01
Affected Systems:
Cisco Network Admission Control 4.x
Description:
--------------------------------------------------------------------------------
Bugtraq id: 57632
CVE (CAN) ID: CVE-2012-6029
The Cisco Network Admission Control (NAC) system consists of Cisco NAC Manager and servers. It is a policy component of the Cisco TrustSec solution.
Cisco Network Admission Control does not properly filter web authentication function parameters. attackers can execute arbitrary HTML and script code in browser sessions.
<* Source: vendor
Link: http://secunia.com/advisories/52016/
Http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-6029
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Cisco
-----
Cisco has released a Security Bulletin (CVE-2012-6029) and patches for this:
CVE-2012-6029: Cisco NAC Appliance Cross-Site Scripting Vulnerability
Link: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-6029