Remote Code Execution Vulnerability in Cisco Wireless LAN Controller
CVE-2013-1104

Currently unrated

Key Information:

Vendor: Cisco
Status: 2000 Wireless Lan Controller; 2100 Wireless Lan Controller; 2500 Wireless Lan Controller; 4100 Wireless Lan Controller
Vendor: CVE Published:; 24 January 2013

Summary

The HTTP Profiling feature of the Cisco Wireless LAN Controller devices with software version 7.3.101.0 is susceptible to a remote code execution vulnerability. This issue arises when remote authenticated users can manipulate the HTTP User-Agent header to execute arbitrary code. This flaw emphasizes the importance of securing authentication mechanisms and validating input from user-generated content, as it could lead to unauthorized access and severe system compromises.

References

http://osvdb.org/89533

vdb-entryx_refsource_OSVDB

http://secunia.com/advisories/51965

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/bid/57524

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Jan 24, 2013
Vulnerability Reserved
Jan 11, 2013