Published: 17/08/2010 Updated: 26/07/2011

CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8

VMScore: 801

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

SQL injection vulnerability in Cisco Wireless Control System (WCS) 6.0.x prior to 6.0.196.0 allows remote authenticated users to execute arbitrary SQL commands via vectors related to the ORDER BY clause of the Client List screens, aka Bug ID CSCtf37019.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cisco wireless control system software 6.0.182.0
cisco wireless control system software 6.0.181.0
cisco wireless control system software 6.0.170.0
cisco wireless control system software 6.0.132.0
cisco wireless control system software
cisco wireless control system software 6.0

Cisco Wireless Control System (WCS) contains a SQL injection vulnerability that could allow an authenticated attacker full access to the vulnerable device, including modification of system configuration; create, modify and delete users; or modify the configuration of wireless devices managed by WCS Cisco has released software updates t ...

CWE-89 http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4091e.shtml https://nvd.nist.gov http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20100811-wcs

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2010-2826

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect