{"schema_version":"public-product-v1.1","generated_at":"2026-06-10T07:47:04Z","exposure_verdict":"not_assessed","verdict_reason":"Public evidence does not evaluate exact release, platform, enabled features, configuration, compensating controls, or live exposure.","advisory":{"id":"Cisco-SA-20121213-CVE-2012-5992","slug":"cisco-sa-20121213-cve-2012-5992","vendor":"Cisco","title":"Cisco Wireless LAN Controller Cross-Site Request Forgery Vulnerability","summary":"Cisco Wireless LAN Controller (WLC) Software contains a vulnerability that could allow an unauthenticated, remote attacker to conduct cross-site request forgery attacks on a targeted system. The vulnerability is due to insufficient sanitization of user-supplied input processed by the WLC management web interface of the affected software. An unauthenticated, remote attacker could exploit this vulnerability by convincing a targeted user to follow a malicious link. Successful exploitation could allow the attacker to gain unauthorized access to the affected application, which could be used to conduct further attacks. Cisco confirmed the vulnerability in a security bug report; however, software updates are not available. To exploit the vulnerability, the attacker may provide a link that directs a user to a malicious site and use misleading language or instructions to persuade the user to follow the provided link. \nCisco would like to thank security researcher Jacob Holcomb for reporting this vulnerability.","severity":"Medium","published_at":"2012-12-13T20:28:31Z","updated_at":"2012-12-13T20:28:31Z","source_url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20121213-CVE-2012-5992","csaf_url":"https://sec.cloudapps.cisco.com/security/center/contentjson/CiscoSecurityAdvisory/Cisco-SA-20121213-CVE-2012-5992/csaf/Cisco-SA-20121213-CVE-2012-5992.json","exposure_verdict":"not_assessed","verdict_reason":"Public evidence does not evaluate exact release, platform, enabled features, configuration, compensating controls, or live exposure."},"freshness":{"last_source_refreshed_at":"2026-05-26T00:00:03Z","latest_source_refresh_at":"2026-05-26T00:00:03Z","oldest_source_refresh_at":"2026-05-22T00:16:33Z","all_sources_fresh":false,"sources":[{"source":"cisco_advisories","label":"Cisco advisories","last_success_at":"2026-05-26T00:00:03Z","stale":true},{"source":"cisco_csaf","label":"Cisco CSAF","last_success_at":"2026-05-25T03:03:26Z","stale":true},{"source":"nvd_cves","label":"NVD CVEs","last_success_at":"2026-05-22T00:16:33Z","stale":true},{"source":"cisa_kev","label":"CISA KEV","last_success_at":"2026-05-22T00:16:34Z","stale":true},{"source":"first_epss","label":"EPSS","last_success_at":"2026-05-22T00:16:40Z","stale":true}]},"summary":{"cve_count":1,"visible_product_count":1,"public_evidence_count":1,"kev_count":0,"highest_epss":0.00592,"highest_cvss":6.8},"cves":[{"id":"CVE-2012-5992","description":"Multiple cross-site request forgery (CSRF) vulnerabilities on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrative accounts via screens/aaa/mgmtuser_create.html or (2) insert XSS sequences via the headline parameter to screens/base/web_auth_custom.html, aka Bug ID \nCSCud50283.","severity":"MEDIUM","kev":false,"epss":{"score":0.00592,"percentile":0.6946,"score_date":"2026-05-19","updated_at":"2026-05-20T02:10:43Z"},"cvss_score":6.8,"cvss_source":"NVD","cwe":"CWE-352","published_at":"2012-12-19T11:56:00Z","modified_at":"2026-04-29T01:13:23Z"}],"public_evidence":[{"product":{"name":"Cisco Wireless LAN Controller (WLC)","slug":"cisco-wireless-lan-controller-wlc","vendor":"Cisco"},"cve":{"id":"CVE-2012-5992"},"evidence_type":"structured_affected","evidence_label":{"scope":"CSAF product evidence","label":"product_status known affected"},"evidence_source":"Cisco CSAF","source":"Cisco CSAF","source_document_fetched_at":"2026-05-19T20:04:27Z","csaf_status":"known_affected","csaf_product_status":"known_affected","csaf_product_status_path":"vulnerabilities[].product_status.known_affected","raw_product_name":"7.0.116.0; 7.0.220.0; 7.0.98.0; 7.0.98.218; 7.1.91.0; 7.2.103.0","exposure_verdict":"not_assessed","verdict_reason":"Public evidence does not evaluate exact release, platform, enabled features, configuration, compensating controls, or live exposure.","exposure_verdict_reason":"Public evidence does not evaluate exact release, platform, enabled features, configuration, compensating controls, or live exposure.","kev":false,"epss":{"score":0.00592,"score_date":"2026-05-19","updated_at":"2026-05-20T02:10:43Z"},"cvss_score":6.8,"cvss_source":"NVD","published_at":"2012-12-13T20:28:31Z","updated_at":"2012-12-13T20:28:31Z","advisory_updated_at":"2012-12-13T20:28:31Z","source_url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20121213-CVE-2012-5992","row_display_order":1}]}