Lucene search

[email protected]NVD:CVE-2006-1672

HistoryApr 07, 2006 - 10:04 a.m.

CVE-2006-1672

2006-04-0710:04:00

[email protected]

web.nvd.nist.gov

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.7 High

AI Score

Confidence

High

0.132 Low

EPSS

Percentile

95.6%

JSON

The installation of Cisco Transport Controller (CTC) for Cisco Optical Networking System (ONS) 15000 series nodes adds a Java policy file entry with a wildcard that grants the java.security.AllPermission permission to any http URL containing “fs/LAUNCHER.jar”, which allows remote attackers to execute arbitrary code on a CTC workstation, aka bug ID CSCea25049.

Affected configurations

NVD

Node

ciscotransport_controllerMatch4.0.x

Node

ciscooptical_networking_systems_softwareMatch1.0

ciscooptical_networking_systems_softwareMatch1.1

ciscooptical_networking_systems_softwareMatch1.1\(0\)

ciscooptical_networking_systems_softwareMatch1.1\(1\)

ciscooptical_networking_systems_softwareMatch1.3\(0\)

ciscooptical_networking_systems_softwareMatch3.0

ciscooptical_networking_systems_softwareMatch3.1.0

ciscooptical_networking_systems_softwareMatch3.2

ciscooptical_networking_systems_softwareMatch3.3.0

ciscooptical_networking_systems_softwareMatch3.4.0

ciscooptical_networking_systems_softwareMatch4.0\(1\)

ciscooptical_networking_systems_softwareMatch4.0\(2\)

ciscooptical_networking_systems_softwareMatch4.0.0

ciscooptical_networking_systems_softwareMatch4.1\(0\)

ciscooptical_networking_systems_softwareMatch4.1\(1\)

ciscooptical_networking_systems_softwareMatch4.1\(2\)

ciscooptical_networking_systems_softwareMatch4.1\(3\)

ciscooptical_networking_systems_softwareMatch4.1.4

ciscooptical_networking_systems_softwareMatch4.6\(0\)

ciscooptical_networking_systems_softwareMatch4.6\(1\)

ciscoons_15310-cl_seriesMatch0

ciscoons_15600Match0

ciscoons_15454_mspp

References

secunia.com/advisories/19553

securitytracker.com/id?1015871

www.cisco.com/warp/public/707/cisco-sa-20060405-ons.shtml

www.osvdb.org/24438

www.securityfocus.com/bid/17384

www.vupen.com/english/advisories/2006/1256

exchange.xforce.ibmcloud.com/vulnerabilities/25647

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.7 High

AI Score

Confidence

High

0.132 Low

EPSS

Percentile

95.6%

JSON

Related for NVD:CVE-2006-1672

cvelist1 prion1 cve1 cisco1