Vulnerability Details CVE-2023-45992
A vulnerability in the web-based interface of the RUCKUS Cloudpath product on version 5.12 build 5538 or before to could allow a remote, unauthenticated attacker to execute persistent XSS and CSRF attacks against a user of the admin management interface. A successful attack, combined with a certain admin activity, could allow the attacker to gain full admin privileges on the exploited system.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 66.9%
CVSS Severity
CVSS v3 Score 9.6
References
- http://ruckus.com
- https://github.com/harry935/CVE-2023-45992
- https://server.cloudpath/
- https://server.cloudpath/admin/enrollmentData/
- https://support.ruckuswireless.com/security_bulletins/322
- http://ruckus.com
- https://github.com/harry935/CVE-2023-45992
- https://server.cloudpath/
- https://server.cloudpath/admin/enrollmentData/
- https://support.ruckuswireless.com/security_bulletins/322
Products affected by CVE-2023-45992
-
cpe:2.3:a:commscope:ruckus_cloudpath_enrollment_system:5.1.3483
-
cpe:2.3:a:commscope:ruckus_cloudpath_enrollment_system:5.11.5440
-
cpe:2.3:a:commscope:ruckus_cloudpath_enrollment_system:5.11.5462
-
cpe:2.3:a:commscope:ruckus_cloudpath_enrollment_system:5.12.5496
-
cpe:2.3:a:commscope:ruckus_cloudpath_enrollment_system:5.12.5514
-
cpe:2.3:a:commscope:ruckus_cloudpath_enrollment_system:5.12.5538
-
cpe:2.3:a:commscope:ruckus_cloudpath_enrollment_system:5.2.3585
-
cpe:2.3:a:commscope:ruckus_cloudpath_enrollment_system:5.2.3761
-
cpe:2.3:a:commscope:ruckus_cloudpath_enrollment_system:5.2.3847
-
cpe:2.3:a:commscope:ruckus_cloudpath_enrollment_system:5.2.3918
-
cpe:2.3:a:commscope:ruckus_cloudpath_enrollment_system:5.2.5939
-
cpe:2.3:a:commscope:ruckus_cloudpath_enrollment_system:5.4.4270
-
cpe:2.3:a:commscope:ruckus_cloudpath_enrollment_system:5.4.4284
-
cpe:2.3:a:commscope:ruckus_cloudpath_enrollment_system:5.4.4464
-
cpe:2.3:a:commscope:ruckus_cloudpath_enrollment_system:5.6.4580
-
cpe:2.3:a:commscope:ruckus_cloudpath_enrollment_system:5.6.4652
-
cpe:2.3:a:commscope:ruckus_cloudpath_enrollment_system:5.7.4732
-
cpe:2.3:a:commscope:ruckus_cloudpath_enrollment_system:5.7.4774
-
cpe:2.3:a:commscope:ruckus_cloudpath_enrollment_system:5.8.4966
-
cpe:2.3:a:commscope:ruckus_cloudpath_enrollment_system:5.8.5012
-
cpe:2.3:a:commscope:ruckus_cloudpath_enrollment_system:5.9.5118
-
cpe:2.3:a:commscope:ruckus_cloudpath_enrollment_system:5.9.5179
-
cpe:2.3:a:commscope:ruckus_cloudpath_enrollment_system:5.9.5324