CVE-2006-3291

The web interface on Cisco IOS 12.3(8)JA and 12.3(8)JA1, as used on the Cisco Wireless Access Point and Wireless Bridge, reconfigures itself when it is changed to use the "Local User List Only (Individual Passwords)" setting, which removes all security and password configurations and allows remote attackers to access the system.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.cisco.com/warp/public/707/cisco-sa-20060628-ap.shtml	Patch
http://www.securityfocus.com/bid/18704
http://www.kb.cert.org/vuls/id/544484	US Government Resource
http://securitytracker.com/id?1016399
http://secunia.com/advisories/20860
http://www.osvdb.org/26878
http://www.vupen.com/english/advisories/2006/2584
https://exchange.xforce.ibmcloud.com/vulnerabilities/27437

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:cisco:ios:12.3\(8\)ja1:::::::*
	cpe:2.3:o:cisco:ios:12.3\(8\)ja:::::::*

Information

Published : 2006-06-28 16:05

Updated : 2017-07-19 18:32

NVD link : CVE-2006-3291

Mitre link : CVE-2006-3291

JSON object : View

CWE

CWE-16

Configuration

Advertisement

Products Affected

cisco

ios

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.cisco.com/warp/public/707/cisco-sa-20060628-ap.shtml", "name": "20060628 Access Point Web-browser Interface Vulnerability", "tags": ["Patch"], "refsource": "CISCO"}, {"url": "http://www.securityfocus.com/bid/18704", "name": "18704", "tags": [], "refsource": "BID"}, {"url": "http://www.kb.cert.org/vuls/id/544484", "name": "VU#544484", "tags": ["US Government Resource"], "refsource": "CERT-VN"}, {"url": "http://securitytracker.com/id?1016399", "name": "1016399", "tags": [], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/20860", "name": "20860", "tags": [], "refsource": "SECUNIA"}, {"url": "http://www.osvdb.org/26878", "name": "26878", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.vupen.com/english/advisories/2006/2584", "name": "ADV-2006-2584", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27437", "name": "cisco-ap-browser-unauth-access(27437)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The web interface on Cisco IOS 12.3(8)JA and 12.3(8)JA1, as used on the Cisco Wireless Access Point and Wireless Bridge, reconfigures itself when it is changed to use the \"Local User List Only (Individual Passwords)\" setting, which removes all security and password configurations and allows remote attackers to access the system."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-16"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-3291", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": true, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2006-06-28T23:05Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:cisco:ios:12.3\\(8\\)ja1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.3\\(8\\)ja:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-20T01:32Z"}