Cisco Wireless Control System SQL Injection (cisco-sa-20100811-wcs) (credentialed check)

high Nessus Plugin ID 69132

Synopsis

A wireless management application installed on the remote host has a SQL injection vulnerability.

Description

According to its self-reported version, the Cisco Wireless Control System (WCS) installed on the remote host is 6.0.x before 6.0.196.0. Such versions are affected by a SQL injection vulnerability. A remote, authenticated attacker could exploit this to modify the configuration of WCS or any wireless devices managed by WCS.

Solution

Upgrade to Cisco Wireless Control System version 6.0.196.0 or later.

See Also

https://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-20100811-wcs.html

Plugin Details

Severity: High

ID: 69132

File Name: cisco_wcs_6_0_196_0.nasl

Version: 1.8

Type: local

Family: CGI abuses

Published: 7/30/2013

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2010-2826

Vulnerability Information

CPE: cpe:/a:cisco:wireless_control_system_software

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 8/11/2010

Vulnerability Publication Date: 8/11/2010

Reference Information

CVE: CVE-2010-2826

BID: 42368

CISCO-SA: cisco-sa-20100811-wcs

CISCO-BUG-ID: CSCtf37019