CVE-2006-3595

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2006-3595
The default configuration of IOS HTTP server in Cisco Router Web Setup (CRWS) before 3.3.0 build 31 does not require credentials, which allows remote attackers to access the server with arbitrary privilege levels, aka bug CSCsa78190.

7.5 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://secunia.com/advisories/21028 Vendor Advisory
http://securitytracker.com/id?1016476
http://www.cisco.com/warp/public/707/cisco-sa-20060712-crws.shtml Patch
http://www.kb.cert.org/vuls/id/205225 US Government Resource
http://www.osvdb.org/27159
http://www.securityfocus.com/bid/18953
http://www.vupen.com/english/advisories/2006/2773
https://exchange.xforce.ibmcloud.com/vulnerabilities/27688
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5826
http://secunia.com/advisories/21028 Vendor Advisory
http://securitytracker.com/id?1016476
http://www.cisco.com/warp/public/707/cisco-sa-20060712-crws.shtml Patch
http://www.kb.cert.org/vuls/id/205225 US Government Resource
http://www.osvdb.org/27159
http://www.securityfocus.com/bid/18953
http://www.vupen.com/english/advisories/2006/2773
https://exchange.xforce.ibmcloud.com/vulnerabilities/27688
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5826
Configurations

Configuration 1 (hide)

cpe:2.3:a:cisco:router_web_setup:3.3.0_build_30:*:*:*:*:*:*:*
History

21 Nov 2024, 00:13

Type Values Removed Values Added
References () http://secunia.com/advisories/21028 - Vendor Advisory () http://secunia.com/advisories/21028 - Vendor Advisory
References () http://securitytracker.com/id?1016476 - () http://securitytracker.com/id?1016476 -
References () http://www.cisco.com/warp/public/707/cisco-sa-20060712-crws.shtml - Patch () http://www.cisco.com/warp/public/707/cisco-sa-20060712-crws.shtml - Patch
References () http://www.kb.cert.org/vuls/id/205225 - US Government Resource () http://www.kb.cert.org/vuls/id/205225 - US Government Resource
References () http://www.osvdb.org/27159 - () http://www.osvdb.org/27159 -
References () http://www.securityfocus.com/bid/18953 - () http://www.securityfocus.com/bid/18953 -
References () http://www.vupen.com/english/advisories/2006/2773 - () http://www.vupen.com/english/advisories/2006/2773 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/27688 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/27688 -
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5826 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5826 -
Information

Published : 2006-07-18 15:37

Updated : 2024-11-21 00:13

NVD link : CVE-2006-3595

Mitre link : CVE-2006-3595

CVE.ORG link : CVE-2006-3595

JSON object : View

Products Affected

cisco

  • router_web_setup
CWE
NVD-CWE-Other

NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024