Site icon Liquidmatrix Security Digest

Multiple Vulnerabilities in Cisco WLSE Appliance

A couple of vulnerabilities in the Cisco WLSE (Wirless Lan Solution Engine), can allow for remote code execution and total compromise of the box.

1. The first is a cross site scripting (XSS) vulnerability that may allow an attacker to gain administrative privileges on the system
2. The second is a local privilege escalation vulnerability that can be used by an attacker who already has authenticated access to the command line interface to obtain access to the underlying operating system.

The Cisco WLSE is intended to be a management and configuration platform for Cisco APs, to secure, configure, manage, detect and mitigate rogues and configure encryption. An attacker can place rogue APs, and misconfigure encryption on all of the APs managed by this system.

Advisory Link

Exit mobile version