CVE-2006-3595

2006-07-1420:00:00

mitre

www.cve.org

6.8 Medium

AI Score

Confidence

High

0.038 Low

EPSS

Percentile

91.9%

JSON

The default configuration of IOS HTTP server in Cisco Router Web Setup (CRWS) before 3.3.0 build 31 does not require credentials, which allows remote attackers to access the server with arbitrary privilege levels, aka bug CSCsa78190.

References

secunia.com/advisories/21028

securitytracker.com/id?1016476

www.cisco.com/warp/public/707/cisco-sa-20060712-crws.shtml

www.kb.cert.org/vuls/id/205225

www.osvdb.org/27159

www.securityfocus.com/bid/18953

www.vupen.com/english/advisories/2006/2773

exchange.xforce.ibmcloud.com/vulnerabilities/27688

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5826