Release date:
Updated on: 2013-06-04
Affected Systems:
Cisco Prime Infrastructure
Description:
--------------------------------------------------------------------------------
Bugtraq id: 60263
CVE (CAN) ID: CVE-2013-1247
Cisco Prime Infrastructure is a solution for wireless management through Cisco technology LMS and NCS.
An HTML injection vulnerability exists in the wireless configuration Module of Cisco Prime Infrastructure 1.2.0. Unauthorized database operations can be performed after successful exploitation. This vulnerability occurs because the SSID is not correctly processed when an XML window table is displayed.
<* Source: Cisco
Link: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1247
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Cisco
-----
Cisco has released a Security Bulletin (CVE-2013-1247) and patches for this:
CVE-2013-1247: Cisco Prime Infrastructure Cross-Site Scripting Vulnerability From Rogue AP SSIDs
Link: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1247