Lucene search

[email protected]CVE-2006-3595

HistoryJul 18, 2006 - 3:37 p.m.

CVE-2006-3595

2006-07-1815:37:00

[email protected]

web.nvd.nist.gov

cve-2006-3595

cisco

router

web setup

crws

http server

authentication bypass

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.9 Medium

AI Score

Confidence

High

0.038 Low

EPSS

Percentile

91.9%

JSON

The default configuration of IOS HTTP server in Cisco Router Web Setup (CRWS) before 3.3.0 build 31 does not require credentials, which allows remote attackers to access the server with arbitrary privilege levels, aka bug CSCsa78190.

Affected configurations

NVD

Node

ciscorouter_web_setupMatch3.3.0_build_30

CPENameOperatorVersion
cisco:router_web_setupcisco router web setupeq3.3.0_build_30

CPE	Name	Operator	Version
cisco:router_web_setup	cisco router web setup	eq	3.3.0_build_30

References

secunia.com/advisories/21028

securitytracker.com/id?1016476

www.cisco.com/warp/public/707/cisco-sa-20060712-crws.shtml

www.kb.cert.org/vuls/id/205225

www.osvdb.org/27159

www.securityfocus.com/bid/18953

www.vupen.com/english/advisories/2006/2773

exchange.xforce.ibmcloud.com/vulnerabilities/27688

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5826

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.9 Medium

AI Score

Confidence

High

0.038 Low

EPSS

Percentile

91.9%

JSON

Related for CVE-2006-3595

cisco1 nvd1 cvelist1