N/A

The web interface on Cisco Wireless LAN Controller (WLC) devices does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCuf77821.

N/A

N/A

Cisco WLC Web界面安全漏洞

Cisco Wireless LAN Controller（WLC）是美国思科（Cisco）公司的一款无线局域网控制器产品。该产品在无线局域网中提供安全策略、入侵检测等功能。 Cisco WLC设备的Web界面中存在安全漏洞，该漏洞源于程序没有正确限制使用IFRAME元素。远程攻击者可利用该漏洞实施点击劫持攻击或跨框架脚本攻击，也可能存在其他形式的攻击。

N/A

N/A