Lucene search

[email protected]CVE-2006-3291

HistoryJun 28, 2006 - 11:05 p.m.

CVE-2006-3291

2006-06-2823:05:00

CWE-16

[email protected]

web.nvd.nist.gov

cisco

ios

web interface

reconfiguration

security

password

remote access

vulnerability

nvd

cve-2006-3291

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

6.9 Medium

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

79.9%

JSON

The web interface on Cisco IOS 12.3(8)JA and 12.3(8)JA1, as used on the Cisco Wireless Access Point and Wireless Bridge, reconfigures itself when it is changed to use the “Local User List Only (Individual Passwords)” setting, which removes all security and password configurations and allows remote attackers to access the system.

Affected configurations

NVD

Node

ciscoiosMatch12.3\(8\)ja

ciscoiosMatch12.3\(8\)ja1

CPENameOperatorVersion
cisco:ioscisco ioseq12.3\(8\)ja
cisco:ioscisco ioseq12.3\(8\)ja1

CPE	Name	Operator	Version
cisco:ios	cisco ios	eq	12.3\(8\)ja
cisco:ios	cisco ios	eq	12.3\(8\)ja1

References

secunia.com/advisories/20860

securitytracker.com/id?1016399

www.cisco.com/warp/public/707/cisco-sa-20060628-ap.shtml

www.kb.cert.org/vuls/id/544484

www.osvdb.org/26878

www.securityfocus.com/bid/18704

www.vupen.com/english/advisories/2006/2584

exchange.xforce.ibmcloud.com/vulnerabilities/27437

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

6.9 Medium

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

79.9%

JSON

Related for CVE-2006-3291

cert1 nessus1 cvelist1 nvd1 cisco1