CVE-2013-1104 — Cisco Wireless LAN Controller Software vulnerability

CWE-264 CWE-3995 documents5 sources

Severity

9.0CRITICALNVD

EPSS

1.2%

top 21.19%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Wireless LAN Controller Software

Timeline

PublishedJan 24

Latest updateMay 17

Description

The HTTP Profiling functionality on Cisco Wireless LAN Controller (WLC) devices with software 7.3.101.0 allows remote authenticated users to execute arbitrary code via a crafted HTTP User-Agent header, aka Bug ID CSCuc15636.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 8.0 | Impact: 10.0

Affected Packages1 packages

▶NVDcisco/wireless_lan_controller_software7.3.101.0

🔴Vulnerability Details

GHSA

GHSA-rcx4-p563-6mqv: The HTTP Profiling functionality on Cisco Wireless LAN Controller (WLC) devices with software 7↗2022-05-17

▶

CVEList

CVE-2013-1104: The HTTP Profiling functionality on Cisco Wireless LAN Controller (WLC) devices with software 7↗2013-01-24

▶

💥Exploits & PoCs

Exploit-DB

Apple iOS 7.0.2 - Sim Lock Screen Display Bypass↗2013-10-15

▶

📋Vendor Advisories

Cisco

Multiple Vulnerabilities in Cisco Wireless LAN Controllers↗2013-01-24

▶