1. Home
  2. CVE Database
  3. CVE-2013-1104
HIGH · 9.0

CVE-2013-1104

The HTTP Profiling functionality on Cisco Wireless LAN Controller (WLC) devices with software 7.3.101.0 allows remote authenticated users to execute arbitrary code via a crafted HTTP User-Agent header...

Vulnerability Description

The HTTP Profiling functionality on Cisco Wireless LAN Controller (WLC) devices with software 7.3.101.0 allows remote authenticated users to execute arbitrary code via a crafted HTTP User-Agent header, aka Bug ID CSCuc15636.

CVSS Score

9.0

HIGH

AV:N/AC:L/Au:S/C:C/I:C/A:C
Confidentiality
COMPLETE
Integrity
COMPLETE
Availability
COMPLETE

Affected Products

VendorProductVersions
Cisco2000 Wireless Lan ControllerAll versions
Cisco2100 Wireless Lan ControllerAll versions
Cisco2500 Wireless Lan Controller-
Cisco4100 Wireless Lan ControllerAll versions
Cisco4400 Wireless Lan ControllerAll versions
Cisco5500 Wireless Lan Controller-
Cisco7500 Wireless Lan Controller-
Cisco8500 Wireless Lan Controller-
CiscoWireless Lan Controller Software7.3.101.0

References

FAQ

What is CVE-2013-1104?

CVE-2013-1104 is a vulnerability with a CVSS score of 9.0 (HIGH). The HTTP Profiling functionality on Cisco Wireless LAN Controller (WLC) devices with software 7.3.101.0 allows remote authenticated users to execute arbitrary code via a crafted HTTP User-Agent header...

How severe is CVE-2013-1104?

CVE-2013-1104 has been rated HIGH with a CVSS base score of 9.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2013-1104?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco 2000 Wireless Lan Controller, Cisco 2100 Wireless Lan Controller, Cisco 2500 Wireless Lan Controller, Cisco 4100 Wireless Lan Controller, Cisco 4400 Wireless Lan Controller.