关联漏洞
标题:Ruckus Wireless Ruckus CloudPath 跨站脚本漏洞 (CVE-2023-45992)Description:Ruckus Wireless Ruckus CloudPath是一种网络访问控制(NAC)解决方案,用于管理网络用户的身份和访问权限,特别是在Wi-Fi网络中。它的目标是提供高级的网络访问管理和安全性功能,确保用户可以安全地连接到网络,并且网络资源受到保护。 Ruckus Wireless Ruckus CloudPath 5.12.54414 版本存在跨站脚本漏洞,该漏洞源于通过精心设计的脚本将权限升级到入门门户中的 macaddress 参数。
介绍
# CVE-2023-45992
A vulnerability in Ruckus CloudPath 5.12 build 5538 or before could allows a remote unauthenticated attacker to obtain full administrator privileges by leveraging Stored Cross-Site Scripting and Cross-Site Request Forgery Vulnerability using a crafted script. On 16 Oct 2023, the vendor has published version 5.12 build 5550 which resolved the vulnerability.
# POC
Technical details of the vulnerability will be published in the future.
# References
https://support.ruckuswireless.com/security_bulletins/322<br>
https://www.cve.org/CVERecord?id=CVE-2023-45992
文件快照
[4.0K] /data/pocs/3c1003115cff5d6a64dabb2fae81d77677f52730
└── [ 577] README.md
0 directories, 1 file
备注
1. 建议优先通过来源进行访问。
2. 本地 POC 快照面向订阅用户开放;当原始来源失效或无法访问时,本地镜像作为订阅权益的一部分提供。
3. 持续抓取、验证、维护这份 POC 档案需要不少投入,因此本地快照已纳入付费订阅。您的订阅是让这份资料能继续走下去的关键,由衷感谢。 查看订阅方案 →