CVE-2023-45992

A vulnerability in the web-based interface of the RUCKUS Cloudpath product on version 5.12 build 5538 or before to could allow a remote, unauthenticated attacker to execute persistent XSS and CSRF attacks against a user of the admin management interface. A successful attack, combined with a certain admin activity, could allow the attacker to gain full admin privileges on the exploited system.

CVSS v3 9.6 CRITICAL

9.6^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 2.8 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
http://ruckus.com	Not Applicable
https://github.com/harry935/CVE-2023-45992	Exploit Third Party Advisory
https://server.cloudpath/	Broken Link
https://server.cloudpath/admin/enrollmentData/	Broken Link
https://support.ruckuswireless.com/security_bulletins/322	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:commscope:ruckus_cloudpath_enrollment_system:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-10-19 19:15

Updated : 2024-01-12 20:50

NVD link : CVE-2023-45992

Mitre link : CVE-2023-45992

CVE.ORG link : CVE-2023-45992

JSON object : View

Products Affected

commscope

ruckus_cloudpath_enrollment_system

CWE

CWE-352

Cross-Site Request Forgery (CSRF)

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2023-45992", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.6, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.8}]}, "published": "2023-10-19T19:15:16.223", "references": [{"url": "http://ruckus.com", "tags": ["Not Applicable"], "source": "cve@mitre.org"}, {"url": "https://github.com/harry935/CVE-2023-45992", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://server.cloudpath/", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "https://server.cloudpath/admin/enrollmentData/", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "https://support.ruckuswireless.com/security_bulletins/322", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-352"}, {"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the web-based interface of the RUCKUS Cloudpath product on version 5.12 build 5538 or before to could allow a remote, unauthenticated attacker to execute persistent XSS and CSRF attacks against a user of the admin management interface. A successful attack, combined with a certain admin activity, could allow the attacker to gain full admin privileges on the exploited system."}, {"lang": "es", "value": "Una vulnerabilidad en la interfaz web del producto RUCKUS Cloudpath en la versi\u00f3n 5.12 build 5538 o anterior podr\u00eda permitir que un atacante remoto no autenticado ejecute ataques XSS y CSRF persistentes contra un usuario de la interfaz de gesti\u00f3n de administraci\u00f3n. Un ataque exitoso, combinado con una determinada actividad administrativa, podr\u00eda permitir al atacante obtener privilegios completos de administrador en el sistema explotado."}], "lastModified": "2024-01-12T20:50:42.863", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:commscope:ruckus_cloudpath_enrollment_system:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C21536CD-2726-476D-A01C-1DF492A24F9A", "versionEndIncluding": "5.12.5538"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}