Lucene search

[email protected]CVE-2006-3290

HistoryJun 28, 2006 - 11:05 p.m.

CVE-2006-3290

2006-06-2823:05:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cisco

wcs

http server

sensitive information

access control

cve-2006-3290

nvd

6.5 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.01 Low

EPSS

Percentile

83.0%

JSON

HTTP server in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames and directory paths via a direct URL request.

CPENameOperatorVersion
cisco:wireless_control_systemcisco wireless control systemle3.2\(51\)

CPE	Name	Operator	Version
cisco:wireless_control_system	cisco wireless control system	le	3.2\(51\)

References

secunia.com/advisories/20870

securitytracker.com/id?1016398

www.cisco.com/warp/public/707/cisco-sa-20060628-wcs.shtml

www.osvdb.org/26879

www.securityfocus.com/bid/18701

www.vupen.com/english/advisories/2006/2583

exchange.xforce.ibmcloud.com/vulnerabilities/27442

6.5 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.01 Low

EPSS

Percentile

83.0%

JSON

Related for CVE-2006-3290

cisco1