The web interface on Cisco IOS 12.3(8)JA and 12.3(8)JA1, as used on the Cisco Wireless Access Point and Wireless Bridge, reconfigures itself when it is changed to use the "Local User List Only (Individual Passwords)" setting, which removes all security and password configurations and allows remote attackers to access the system.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 00:13
Type | Values Removed | Values Added |
---|---|---|
References | () http://secunia.com/advisories/20860 - | |
References | () http://securitytracker.com/id?1016399 - | |
References | () http://www.cisco.com/warp/public/707/cisco-sa-20060628-ap.shtml - Patch | |
References | () http://www.kb.cert.org/vuls/id/544484 - US Government Resource | |
References | () http://www.osvdb.org/26878 - | |
References | () http://www.securityfocus.com/bid/18704 - | |
References | () http://www.vupen.com/english/advisories/2006/2584 - | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/27437 - |
Information
Published : 2006-06-28 23:05
Updated : 2024-11-21 00:13
NVD link : CVE-2006-3291
Mitre link : CVE-2006-3291
CVE.ORG link : CVE-2006-3291
JSON object : View
Products Affected
cisco
- ios
CWE
CWE-16
Configuration