CVE-2012-5992

Cisco Wireless LAN Controller Software CSRF via Admin Account Creation or XSS

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-5992.

AI-analyzed exploit summary: The exploit demonstrates a chained attack against Cisco Wireless LAN Controller 7.2.110.0, combining CSRF to add an administrator account, persistent XSS via crafted input fields, and a DoS trigger via a malformed GET request. The PoC includes functional HTML/JavaScript code for CSRF and XSS, along with a documented DoS vector requiring authentication.

Description

Multiple cross-site request forgery (CSRF) vulnerabilities on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrative accounts via screens/aaa/mgmtuser_create.html or (2) insert XSS sequences via the headline parameter to screens/base/web_auth_custom.html, aka Bug ID CSCud50283.

Exploits (1)

exploitdb WORKING POC
dos · hardware
https://www.exploit-db.com/exploits/23361

Classification: Working PoC 100%
Attack Type: XSS | DoS | Auth Bypass
Complexity: Moderate
Reliability: Reliable
Target: Cisco Wireless LAN Controller 7.2.110.0
Auth required
Prerequisites: Authenticated session on the target WLC · Victim interaction for CSRF/XSS · Network access to the WLC
devstral-2 · analyzed Feb 19, 2026

Scores

EPSS 0.0178
EPSS Percentile 75.5%

Details

CWE
CWE-352
Status published
Products (9)
cisco/2000_wireless_lan_controller
cisco/2100_wireless_lan_controller
cisco/2500_wireless_lan_controller
cisco/4100_wireless_lan_controller
cisco/4400_wireless_lan_controller
cisco/5500_wireless_lan_controller
cisco/7500_wireless_lan_controller
cisco/8500_wireless_lan_controller
cisco/wireless_lan_controller_software 7.2.110.0
Published Dec 19, 2012
Tracked Since Feb 18, 2026