CVE-2023-45992

CRITICAL

RUCKUS Cloudpath <5.12.5538 - XSS/CSRF

Title source: llm

Description

A vulnerability in the web-based interface of the RUCKUS Cloudpath product on version 5.12 build 5538 or before to could allow a remote, unauthenticated attacker to execute persistent XSS and CSRF attacks against a user of the admin management interface. A successful attack, combined with a certain admin activity, could allow the attacker to gain full admin privileges on the exploited system.

Exploits (1)

nomisec SUSPICIOUS

by harry935 · poc

https://github.com/harry935/CVE-2023-45992

View Code ZIP pw:eip

References (5)

[Not Applicable] http://ruckus.com

[Exploit, Third Party Advisory] https://github.com/harry935/CVE-2023-45992

[Broken Link] https://server.cloudpath/

[Broken Link] https://server.cloudpath/admin/enrollmentData/

[Vendor Advisory] https://support.ruckuswireless.com/security_bulletins/322

Scores

CVSS v3 9.6

EPSS 0.0055

EPSS Percentile 68.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Details

CWE

CWE-352 CWE-79

Status published

Products (1)

commscope/ruckus_cloudpath_enrollment_system < 5.12.5538

Published Oct 19, 2023

Tracked Since Feb 18, 2026