CVE-2013-1104

Published Jan 24, 2013

Last updated 3 months ago

CVSS info 9.0

Overview

Description: The HTTP Profiling functionality on Cisco Wireless LAN Controller (WLC) devices with software 7.3.101.0 allows remote authenticated users to execute arbitrary code via a crafted HTTP User-Agent header, aka Bug ID CSCuc15636.
Source: ykramarz@cisco.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 9
Impact score: 10
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:2000_wireless_lan_controller:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "65B6A979-5487-4ABF-AD66-522442D6DC38"
          },
          {
            "criteria": "cpe:2.3:h:cisco:2100_wireless_lan_controller:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "24B6D315-BBA5-4C37-BB74-BD1ADCA77F69"
          },
          {
            "criteria": "cpe:2.3:h:cisco:2500_wireless_lan_controller:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "52A0DE1A-D1A2-4F5A-B237-4F53892775E4"
          },
          {
            "criteria": "cpe:2.3:h:cisco:4100_wireless_lan_controller:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "97790CF3-F428-499C-A175-1DB8380432F0"
          },
          {
            "criteria": "cpe:2.3:h:cisco:4400_wireless_lan_controller:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "62DD77D6-9809-4B8B-A19F-1D10449C546F"
          },
          {
            "criteria": "cpe:2.3:h:cisco:5500_wireless_lan_controller:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EEA74EC6-0B2D-441A-8DDB-FFB736D0CF56"
          },
          {
            "criteria": "cpe:2.3:h:cisco:7500_wireless_lan_controller:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D51BCAD1-576F-44A7-85CF-DF03363DBFAB"
          },
          {
            "criteria": "cpe:2.3:h:cisco:8500_wireless_lan_controller:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CE9BD1C8-10F8-4BA7-A883-42384A5EC1A5"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.3.101.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7233C6A0-9674-4C6D-ACC0-CC654CF117C3"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References