COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2023-45992

CVE-2023-45992

Severity
critical
Source
NVD · cve
Published
2023-10-19
CVSS
9.6
Reference
https://nvd.nist.gov/vuln/detail/CVE-2023-45992
⚡ RCE shame 50/100 rce

A vulnerability in the web-based interface of the RUCKUS Cloudpath product on version 5.12 build 5538 or before to could allow a remote, unauthenticated attacker to execute persistent XSS and CSRF attacks against a user of the admin management interface. A successful attack, comb

Players implicated

commscope · vendorruckus cloudpath enrollment system · product

Description

A vulnerability in the web-based interface of the RUCKUS Cloudpath product on version 5.12 build 5538 or before to could allow a remote, unauthenticated attacker to execute persistent XSS and CSRF attacks against a user of the admin management interface. A successful attack, combined with a certain admin activity, could allow the attacker to gain full admin privileges on the exploited system.

Affected FedRAMP products 0 in the catalog

No correlated FedRAMP products.