Описание
A vulnerability in the web-based interface of the RUCKUS Cloudpath product on version 5.12 build 5538 or before to could allow a remote, unauthenticated attacker to execute persistent XSS and CSRF attacks against a user of the admin management interface. A successful attack, combined with a certain admin activity, could allow the attacker to gain full admin privileges on the exploited system.
Ссылки
- Not Applicable
- ExploitThird Party Advisory
- Broken Link
- Broken Link
- Vendor Advisory
- Not Applicable
- ExploitThird Party Advisory
- Broken Link
- Broken Link
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 5.12.5538 (включая)
cpe:2.3:a:commscope:ruckus_cloudpath_enrollment_system:*:*:*:*:*:*:*:*
EPSS
Процентиль: 67%
0.00551
Низкий
9.6 Critical
CVSS3
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 9.6
github
больше 2 лет назад
Cross Site Scripting vulnerability in Ruckus Wireless (CommScope) Ruckus CloudPath v.5.12.54414 allows a remote attacker to escalate privileges via a crafted script to the macaddress parameter in the onboarding portal.
EPSS
Процентиль: 67%
0.00551
Низкий
9.6 Critical
CVSS3
Дефекты
CWE-79