Vulnerabilites related to cisco - wireless_control_system_software
CVE-2011-4014 (GCVE-0-2011-4014)
Vulnerability from cvelistv5
Published
2012-05-02 10:00
Modified
2024-08-06 23:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The TAC Case Attachment tool in Cisco Wireless Control System (WCS) 7.0 allows remote authenticated users to read arbitrary files under webnms/Temp/ via unspecified vectors, aka Bug ID CSCtq86807.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:53:32.598Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.cisco.com/en/US/docs/wireless/wcs/release/notes/WCS_RN7_0_230.html"
},
{
"name": "1027011",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1027011"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-02-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The TAC Case Attachment tool in Cisco Wireless Control System (WCS) 7.0 allows remote authenticated users to read arbitrary files under webnms/Temp/ via unspecified vectors, aka Bug ID CSCtq86807."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-08-18T09:00:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.cisco.com/en/US/docs/wireless/wcs/release/notes/WCS_RN7_0_230.html"
},
{
"name": "1027011",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1027011"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2011-4014",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The TAC Case Attachment tool in Cisco Wireless Control System (WCS) 7.0 allows remote authenticated users to read arbitrary files under webnms/Temp/ via unspecified vectors, aka Bug ID CSCtq86807."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.cisco.com/en/US/docs/wireless/wcs/release/notes/WCS_RN7_0_230.html",
"refsource": "CONFIRM",
"url": "http://www.cisco.com/en/US/docs/wireless/wcs/release/notes/WCS_RN7_0_230.html"
},
{
"name": "1027011",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027011"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2011-4014",
"datePublished": "2012-05-02T10:00:00",
"dateReserved": "2011-10-06T00:00:00",
"dateUpdated": "2024-08-06T23:53:32.598Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-2826 (GCVE-0-2010-2826)
Vulnerability from cvelistv5
Published
2010-08-13 20:00
Modified
2024-09-17 01:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
SQL injection vulnerability in Cisco Wireless Control System (WCS) 6.0.x before 6.0.196.0 allows remote authenticated users to execute arbitrary SQL commands via vectors related to the ORDER BY clause of the Client List screens, aka Bug ID CSCtf37019.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:46:48.180Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20100811 SQL Injection Vulnerability in Cisco Wireless Control System",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4091e.shtml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in Cisco Wireless Control System (WCS) 6.0.x before 6.0.196.0 allows remote authenticated users to execute arbitrary SQL commands via vectors related to the ORDER BY clause of the Client List screens, aka Bug ID CSCtf37019."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-08-13T20:00:00Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20100811 SQL Injection Vulnerability in Cisco Wireless Control System",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4091e.shtml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2010-2826",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in Cisco Wireless Control System (WCS) 6.0.x before 6.0.196.0 allows remote authenticated users to execute arbitrary SQL commands via vectors related to the ORDER BY clause of the Client List screens, aka Bug ID CSCtf37019."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20100811 SQL Injection Vulnerability in Cisco Wireless Control System",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4091e.shtml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2010-2826",
"datePublished": "2010-08-13T20:00:00Z",
"dateReserved": "2010-07-23T00:00:00Z",
"dateUpdated": "2024-09-17T01:05:39.933Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-2986 (GCVE-0-2010-2986)
Vulnerability from cvelistv5
Published
2010-08-09 20:00
Modified
2024-08-07 02:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in webacs/QuickSearchAction.do in the search feature in the web interface in Cisco Wireless Control System (WCS) before 6.0(194.0) and 7.x before 7.0.164 allows remote attackers to inject arbitrary web script or HTML via the searchText parameter, aka Bug ID CSCtf14288.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:55:46.340Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "42216",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/42216"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tomneaves.com/Cisco_Wireless_Control_System_XSS.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7.0.html"
},
{
"name": "20100804 Cisco Wireless Control System XSS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/512878/100/0/threaded"
},
{
"name": "40827",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/40827"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-08-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in webacs/QuickSearchAction.do in the search feature in the web interface in Cisco Wireless Control System (WCS) before 6.0(194.0) and 7.x before 7.0.164 allows remote attackers to inject arbitrary web script or HTML via the searchText parameter, aka Bug ID CSCtf14288."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "42216",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/42216"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tomneaves.com/Cisco_Wireless_Control_System_XSS.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7.0.html"
},
{
"name": "20100804 Cisco Wireless Control System XSS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/512878/100/0/threaded"
},
{
"name": "40827",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/40827"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2986",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in webacs/QuickSearchAction.do in the search feature in the web interface in Cisco Wireless Control System (WCS) before 6.0(194.0) and 7.x before 7.0.164 allows remote attackers to inject arbitrary web script or HTML via the searchText parameter, aka Bug ID CSCtf14288."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "42216",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/42216"
},
{
"name": "http://www.tomneaves.com/Cisco_Wireless_Control_System_XSS.txt",
"refsource": "MISC",
"url": "http://www.tomneaves.com/Cisco_Wireless_Control_System_XSS.txt"
},
{
"name": "http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7.0.html",
"refsource": "CONFIRM",
"url": "http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7.0.html"
},
{
"name": "20100804 Cisco Wireless Control System XSS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/512878/100/0/threaded"
},
{
"name": "40827",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40827"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-2986",
"datePublished": "2010-08-09T20:00:00",
"dateReserved": "2010-08-09T00:00:00",
"dateUpdated": "2024-08-07T02:55:46.340Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-2987 (GCVE-0-2010-2987)
Vulnerability from cvelistv5
Published
2010-08-09 20:00
Modified
2024-09-16 22:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Wireless Control System (WCS) 7.x before 7.0.164, as used in Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCtg33854.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:55:46.086Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7.0.html"
},
{
"name": "40827",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/40827"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Cisco Wireless Control System (WCS) 7.x before 7.0.164, as used in Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCtg33854."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-08-09T20:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7.0.html"
},
{
"name": "40827",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/40827"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2987",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Cisco Wireless Control System (WCS) 7.x before 7.0.164, as used in Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCtg33854."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7.0.html",
"refsource": "CONFIRM",
"url": "http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7.0.html"
},
{
"name": "40827",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40827"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-2987",
"datePublished": "2010-08-09T20:00:00Z",
"dateReserved": "2010-08-09T00:00:00Z",
"dateUpdated": "2024-09-16T22:55:56.826Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2010-08-10 12:23
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in webacs/QuickSearchAction.do in the search feature in the web interface in Cisco Wireless Control System (WCS) before 6.0(194.0) and 7.x before 7.0.164 allows remote attackers to inject arbitrary web script or HTML via the searchText parameter, aka Bug ID CSCtf14288.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:wireless_control_system_software:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F9C754F-C126-4363-A965-49205D92F300",
"versionEndIncluding": "6.0.188.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_control_system_software:3.2.78.0:*:*:*:*:*:*:*",
"matchCriteriaId": "357C618B-DF8F-4FB4-9C49-491852677984",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_control_system_software:4.0.155.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F7D1D2FC-0C61-48E0-9BEF-A9770C4BF5E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_control_system_software:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1C92C153-0AA1-47C9-B4F0-6823F0B32F97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_control_system_software:4.1.83.0:*:*:*:*:*:*:*",
"matchCriteriaId": "47C0B1E8-1C88-476C-88A1-2BA50BDCA851",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_control_system_software:4.1.91.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3800664A-0AA1-46CD-A73D-8D734378DFF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_control_system_software:4.1.171.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DA186C0A-32C3-41F4-AF67-D3CB17DBC88F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_control_system_software:4.1.191.xm:*:*:*:*:*:*:*",
"matchCriteriaId": "437151E2-6368-448C-9313-5D2F8BC02C21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_control_system_software:4.1.192.35m:*:*:*:*:*:*:*",
"matchCriteriaId": "254E4172-E08A-41A6-A6D8-7112CAD318A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_control_system_software:4.1.192.xm:*:*:*:*:*:*:*",
"matchCriteriaId": "451A2C64-84A0-4400-A1D4-843BCD10D5FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_control_system_software:4.2.62.0:*:*:*:*:*:*:*",
"matchCriteriaId": "12EA9C01-D568-4A01-A8F8-C194EC026035",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_control_system_software:4.2.62.11:*:*:*:*:*:*:*",
"matchCriteriaId": "2D3B6F52-F023-43F0-A544-65807B52495C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_control_system_software:4.2.81.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5FAC9C22-67D4-44E2-BCA4-FF337CFCE300",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_control_system_software:4.2.97.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C0F1F07C-A281-4262-92CA-C8D26CB658E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_control_system_software:4.2.110.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2D5DEF5A-2E45-478A-A9F7-34C6D1F37F6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_control_system_software:4.2.128.0:*:*:*:*:*:*:*",
"matchCriteriaId": "44941345-6298-4B0A-B549-480DCD2E6FFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_control_system_software:4.2.130.0:*:*:*:*:*:*:*",
"matchCriteriaId": "54575431-6C23-4D41-9CA2-768F39714009",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_control_system_software:4.2.173.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0CC84854-3970-454D-8B05-C0E6A15BFE6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_control_system_software:4.2.176.0:*:*:*:*:*:*:*",
"matchCriteriaId": "31A29A50-CDEC-4CC1-BFAF-ED4EC38AF650",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_control_system_software:4.2.209.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A18F6F25-62F5-4069-B1F5-9EB5FAA43225",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_control_system_software:5.0.56.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BA249E97-D24E-4507-8E29-394DA6066EB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_control_system_software:5.0.56.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CA3F6111-E9D4-49FD-A2A9-35CB1B9F809E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_control_system_software:5.0.148.0:*:*:*:*:*:*:*",
"matchCriteriaId": "21DF8062-4D11-492E-9F70-8BB327609D6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_control_system_software:5.1.64.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4B4BA5AE-1BB4-406A-AF28-561FB218C391",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_control_system_software:5.1.65.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D7C02398-E3D8-4180-B07E-258754040D36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_control_system_software:5.1.151.0:*:*:*:*:*:*:*",
"matchCriteriaId": "99056BCC-2B32-4F2F-AE0C-0678A7753887",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_control_system_software:5.2.110.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B38484C0-8EB6-4FAE-A22D-3BE0D8602DED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_control_system_software:5.2.125.0:*:*:*:*:*:*:*",
"matchCriteriaId": "726692A7-0F47-47B9-A04E-B31F0BD73F12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_control_system_software:5.2.130.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4BBADB1E-8C44-4854-A3ED-557744C3B393",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_control_system_software:5.2.148.0:*:*:*:*:*:*:*",
"matchCriteriaId": "83C38FE7-C60F-476F-9704-22E6C4D6B181",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_control_system_software:5.2.157.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8EC815C0-276A-44DA-9A2E-453D86923874",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_control_system_software:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "13E52795-7C27-4E3B-ABDC-549AC9728B55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_control_system_software:6.0.132.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E8486474-1D58-4165-92A7-AB9079B8A9B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_control_system_software:6.0.170.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4D5A7438-651D-4080-B587-EBAEBA0098F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_control_system_software:6.0.181.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E09E8ADF-0D0C-493C-B2A8-58DF6F725E45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_control_system_software:6.0.182.0:*:*:*:*:*:*:*",
"matchCriteriaId": "41489DF2-0A3B-4A5D-A296-03BCE07F5220",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_control_system_software:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "09379903-D1CB-424A-BCBC-2FA88FA826FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_control_system_software:7.0.98.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BBFC4BDD-CF79-4B1E-B3B6-BF82A74B0ECA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in webacs/QuickSearchAction.do in the search feature in the web interface in Cisco Wireless Control System (WCS) before 6.0(194.0) and 7.x before 7.0.164 allows remote attackers to inject arbitrary web script or HTML via the searchText parameter, aka Bug ID CSCtf14288."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en webacs/QuickSearchAction.do de la opci\u00f3n de b\u00fasqueda del interfaz web de Cisco Wireless Control System (WCS) anterior a v6.0(194.0) y v7.x anterior a v7.0.164, permite a atacantes remotos inyectar c\u00f3digo web o HTML a trav\u00e9s del par\u00e1metro searchText, tambi\u00e9n conocido como Bug ID CSCtf14288."
}
],
"id": "CVE-2010-2986",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-08-10T12:23:06.270",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/40827"
},
{
"source": "cve@mitre.org",
"url": "http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7.0.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/512878/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/42216"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.tomneaves.com/Cisco_Wireless_Control_System_XSS.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/40827"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7.0.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/512878/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/42216"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.tomneaves.com/Cisco_Wireless_Control_System_XSS.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-05-02 10:09
Modified
2025-04-11 00:51
Severity ?
Summary
The TAC Case Attachment tool in Cisco Wireless Control System (WCS) 7.0 allows remote authenticated users to read arbitrary files under webnms/Temp/ via unspecified vectors, aka Bug ID CSCtq86807.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | wireless_control_system_software | 7.0.164.0 | |
| cisco | wireless_control_system_software | 7.0.164.3 | |
| cisco | wireless_control_system_software | 7.0.172.0 | |
| cisco | wireless_control_system_software | 7.0.220.0 | |
| cisco | wireless_control_system_software | 7.0.230.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:wireless_control_system_software:7.0.164.0:*:*:*:*:*:*:*",
"matchCriteriaId": "38FE0BA2-0CCD-4C93-B1C0-0A78B1380430",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_control_system_software:7.0.164.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5C9911FD-0B70-4C3C-8AD1-B676DFD40EFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_control_system_software:7.0.172.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F9037469-A03A-4AD9-A94B-1E09C559C8C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_control_system_software:7.0.220.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0322A431-FE33-401A-96DC-3884DF73353C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_control_system_software:7.0.230.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EF7AA7E2-E29E-4087-821D-0360E689E457",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The TAC Case Attachment tool in Cisco Wireless Control System (WCS) 7.0 allows remote authenticated users to read arbitrary files under webnms/Temp/ via unspecified vectors, aka Bug ID CSCtq86807."
},
{
"lang": "es",
"value": "La herramienta TAC Case Attachment en Cisco Wireless Control System (WCS) v7.0 permite a usuarios remotos autenticados leer ficheros arbitrarios en webnms/Temp/ a trav\u00e9s de vectores no especificados, tambi\u00e9n conocido como Bug ID CSCtq86807."
}
],
"id": "CVE-2011-4014",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-05-02T10:09:21.753",
"references": [
{
"source": "psirt@cisco.com",
"url": "http://www.cisco.com/en/US/docs/wireless/wcs/release/notes/WCS_RN7_0_230.html"
},
{
"source": "psirt@cisco.com",
"url": "http://www.securitytracker.com/id?1027011"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.cisco.com/en/US/docs/wireless/wcs/release/notes/WCS_RN7_0_230.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1027011"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-08-17 05:41
Modified
2025-04-11 00:51
Severity ?
Summary
SQL injection vulnerability in Cisco Wireless Control System (WCS) 6.0.x before 6.0.196.0 allows remote authenticated users to execute arbitrary SQL commands via vectors related to the ORDER BY clause of the Client List screens, aka Bug ID CSCtf37019.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | wireless_control_system_software | * | |
| cisco | wireless_control_system_software | 6.0 | |
| cisco | wireless_control_system_software | 6.0.132.0 | |
| cisco | wireless_control_system_software | 6.0.170.0 | |
| cisco | wireless_control_system_software | 6.0.181.0 | |
| cisco | wireless_control_system_software | 6.0.182.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:wireless_control_system_software:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F9C754F-C126-4363-A965-49205D92F300",
"versionEndIncluding": "6.0.188.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_control_system_software:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "13E52795-7C27-4E3B-ABDC-549AC9728B55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_control_system_software:6.0.132.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E8486474-1D58-4165-92A7-AB9079B8A9B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_control_system_software:6.0.170.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4D5A7438-651D-4080-B587-EBAEBA0098F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_control_system_software:6.0.181.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E09E8ADF-0D0C-493C-B2A8-58DF6F725E45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_control_system_software:6.0.182.0:*:*:*:*:*:*:*",
"matchCriteriaId": "41489DF2-0A3B-4A5D-A296-03BCE07F5220",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in Cisco Wireless Control System (WCS) 6.0.x before 6.0.196.0 allows remote authenticated users to execute arbitrary SQL commands via vectors related to the ORDER BY clause of the Client List screens, aka Bug ID CSCtf37019."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en \"Cisco Wireless Control System\" (WCS) versi\u00f3n v6.0.x anteriores a la v6.0.196.0 permite a usuarios autenticados remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de vectores de ataque relacionados con la expresi\u00f3n ORDER BY de las pantallas de \"Client List\" (lista de clientes), tambi\u00e9n conocido como Bug ID CSCtf37019."
}
],
"id": "CVE-2010-2826",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-08-17T05:41:21.613",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4091e.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4091e.shtml"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-08-10 12:23
Modified
2025-04-11 00:51
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Wireless Control System (WCS) 7.x before 7.0.164, as used in Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCtg33854.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | wireless_control_system_software | 7.0 | |
| cisco | unified_wireless_network_solution_software | 7.0 | |
| cisco | unified_wireless_network_solution_software | 7.0.98.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:wireless_control_system_software:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "09379903-D1CB-424A-BCBC-2FA88FA826FE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:unified_wireless_network_solution_software:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A3199EF5-5086-4DDE-997F-9F7F15E9BB21",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:unified_wireless_network_solution_software:7.0.98.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1CFF7663-19E4-4DD8-BCA0-C1B03F630312",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Cisco Wireless Control System (WCS) 7.x before 7.0.164, as used in Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCtg33854."
},
{
"lang": "es",
"value": "Multiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Cisco Wireless Control System (WCS) v7.x anterior a v7.0.164, como las usadas en Cisco Unified Wireless Network (UWN) Solution v7.x anterior a v7.0.98.0, permite atacantes remotos inyectar c\u00f3digo web o HTML a trav\u00e9s de vectores no especificados, tambi\u00e9n conocido como Bug ID CSCtg33854."
}
],
"id": "CVE-2010-2987",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-08-10T12:23:06.303",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/40827"
},
{
"source": "cve@mitre.org",
"url": "http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7.0.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/40827"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7.0.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}