Skip to main content

2000 Wireless Lan Controller CVE-2013-1104

CRITICAL
2013-01-24 psirt@cisco.com
9.0
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
9.0 CRITICAL
AV:N/AC:L/Au:S/C:C/I:C/A:C

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:L/Au:S/C:C/I:C/A:C
Attack Vector
Network
Attack Complexity
Low
Confidentiality
C
Integrity
C
Availability
C

Lifecycle Timeline

1
CVE Published
Jan 24, 2013 - 21:55 cve.org
CRITICAL 9.0

DescriptionCVE.org

The HTTP Profiling functionality on Cisco Wireless LAN Controller (WLC) devices with software 7.3.101.0 allows remote authenticated users to execute arbitrary code via a crafted HTTP User-Agent header, aka Bug ID CSCuc15636.

AnalysisAI

The HTTP Profiling functionality on Cisco Wireless LAN Controller (WLC) devices with software 7.3.101.0 allows remote authenticated users to execute arbitrary code via a crafted HTTP User-Agent. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

The HTTP Profiling functionality on Cisco Wireless LAN Controller (WLC) devices with software 7.3.101.0 allows remote authenticated users to execute arbitrary code via a crafted HTTP User-Agent header, aka Bug ID CSCuc15636. Affected products include: Cisco 2000 Wireless Lan Controller, Cisco 2100 Wireless Lan Controller, Cisco 2500 Wireless Lan Controller, Cisco 4100 Wireless Lan Controller, Cisco 4400 Wireless Lan Controller.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2012-5991 MEDIUM POC
6.3 Dec 19

screens/base/web_auth_custom.html on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allows remote a

CVE-2012-5992 MEDIUM POC
6.8 Dec 19

Multiple cross-site request forgery (CSRF) vulnerabilities on Cisco Wireless LAN Controller (WLC) devices with software

CVE-2012-0371 CRITICAL
9.3 Mar 01

Cisco Wireless LAN Controller (WLC) devices with software 4.x, 5.x, 6.0, and 7.0 before 7.0.220.4, when CPU-based ACLs a

CVE-2013-1105 CRITICAL
9.0 Jan 24

Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.235.3, 7.1 and 7.2 before 7.2.111.3, and 7.3 be

CVE-2012-6007 MEDIUM POC
4.3 Dec 19

Cross-site scripting (XSS) vulnerability in screens/base/web_auth_custom.html on Cisco Wireless LAN Controller (WLC) dev

CVE-2013-1103 HIGH
7.8 Jan 24

Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.220.0, 7.1 before 7.1.91.0, and 7.2 before 7.2.

CVE-2013-1102 HIGH
7.8 Jan 24

The Wireless Intrusion Prevention System (wIPS) component on Cisco Wireless LAN Controller (WLC) devices with software 7

CVE-2012-0369 HIGH
7.8 Mar 01

Cisco Wireless LAN Controller (WLC) devices with software 6.0 and 7.0 before 7.0.220.0, 7.1 before 7.1.91.0, and 7.2 bef

CVE-2012-0368 HIGH
7.8 Mar 01

The administrative management interface on Cisco Wireless LAN Controller (WLC) devices with software 4.x, 5.x, 6.0, and

CVE-2012-0370 HIGH
7.8 Mar 01

Cisco Wireless LAN Controller (WLC) devices with software 4.x, 5.x, 6.0, and 7.0 before 7.0.220.0 and 7.1 before 7.1.91.

CVE-2013-1235 MEDIUM
5.0 May 04

Cisco Wireless LAN Controller (WLC) devices do not properly address the resource consumption of terminated TELNET sessio

Share

CVE-2013-1104 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy