Cisco Prime Infrastructure 异常AP SSID HTML注入漏洞
Cisco Prime Infrastructure 异常AP SSID HTML注入漏洞
发布日期:2013-05-21
更新日期:2013-06-04
受影响系统:
Cisco Prime Infrastructure
描述:
--------------------------------------------------------------------------------
BUGTRAQ ID: 60263
CVE(CAN) ID: CVE-2013-1247
Cisco Prime Infrastructure是通过思科技术LMS和NCS进行无线管理的解决方案。
Cisco Prime Infrastructure 1.2.0的wireless configuration模块中存在HTML注入漏洞,成功利用后可导致未授权数据库操作。此漏洞源于在显示XML窗口表时没有正确处理SSID。
<*来源:Cisco
链接:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1247
*>
建议:
--------------------------------------------------------------------------------
厂商补丁:
Cisco
-----
Cisco已经为此发布了一个安全公告(CVE-2013-1247)以及相应补丁:
CVE-2013-1247:Cisco Prime Infrastructure Cross-Site Scripting Vulnerability From Rogue AP SSIDs
链接:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1247
评论暂时关闭