Lucene search

[email protected]CVE-2006-3285

HistoryJun 28, 2006 - 10:05 p.m.

CVE-2006-3285

2006-06-2822:05:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cisco

wcs

database

vulnerability

cve-2006-3285

nvd

linux

windows

authentication

configuration manipulation

6.6 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.025 Low

EPSS

Percentile

90.0%

JSON

The internal database in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) uses an undocumented, hard-coded username and password, which allows remote authenticated users to read, and possibly modify, sensitive configuration data (aka bugs CSCsd15955).

CPENameOperatorVersion
cisco:wireless_control_systemcisco wireless control systemle3.2\(40\)

CPE	Name	Operator	Version
cisco:wireless_control_system	cisco wireless control system	le	3.2\(40\)

References

secunia.com/advisories/20870

securitytracker.com/id?1016398

www.cisco.com/warp/public/707/cisco-sa-20060628-wcs.shtml

www.osvdb.org/26884

www.securityfocus.com/bid/18701

www.vupen.com/english/advisories/2006/2583

exchange.xforce.ibmcloud.com/vulnerabilities/27438

6.6 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.025 Low

EPSS

Percentile

90.0%

JSON

Related for CVE-2006-3285

cisco1