Vulnerability Description
The Web Administrator Interface on Cisco Wireless LAN Controller (WLC) devices allows remote authenticated users to cause a denial of service (device crash) by leveraging membership in the Full Manager managers group, Read Only managers group, or Lobby Ambassador managers group, and sending a request that (1) lacks a parameter value or (2) contains a malformed parameter value, aka Bug IDs CSCuh14313, CSCuh14159, CSCuh14368, and CSCuh14436.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Wireless Lan Controller | All versions |
Related Weaknesses (CWE)
References
- http://osvdb.org/96763
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3474Vendor Advisory
- http://www.securityfocus.com/bid/62084
- http://www.securitytracker.com/id/1028970
- https://exchange.xforce.ibmcloud.com/vulnerabilities/86811
- http://osvdb.org/96763
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3474Vendor Advisory
- http://www.securityfocus.com/bid/62084
- http://www.securitytracker.com/id/1028970
- https://exchange.xforce.ibmcloud.com/vulnerabilities/86811
FAQ
What is CVE-2013-3474?
CVE-2013-3474 is a vulnerability with a CVSS score of 6.3 (MEDIUM). The Web Administrator Interface on Cisco Wireless LAN Controller (WLC) devices allows remote authenticated users to cause a denial of service (device crash) by leveraging membership in the Full Manage...
How severe is CVE-2013-3474?
CVE-2013-3474 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-3474?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Wireless Lan Controller.