Lucene search

[email protected]NVD:CVE-2006-1672

HistoryApr 07, 2006 - 10:04 a.m.

CVE-2006-1672

2006-04-0710:04:00

[email protected]

web.nvd.nist.gov

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.7

Confidence

High

EPSS

0.132

Percentile

95.6%

JSON

The installation of Cisco Transport Controller (CTC) for Cisco Optical Networking System (ONS) 15000 series nodes adds a Java policy file entry with a wildcard that grants the java.security.AllPermission permission to any http URL containing “fs/LAUNCHER.jar”, which allows remote attackers to execute arbitrary code on a CTC workstation, aka bug ID CSCea25049.

Affected configurations

Nvd

Node

ciscotransport_controllerMatch4.0.x

Node

ciscooptical_networking_systems_softwareMatch1.0

ciscooptical_networking_systems_softwareMatch1.1

ciscooptical_networking_systems_softwareMatch1.1\(0\)

ciscooptical_networking_systems_softwareMatch1.1\(1\)

ciscooptical_networking_systems_softwareMatch1.3\(0\)

ciscooptical_networking_systems_softwareMatch3.0

ciscooptical_networking_systems_softwareMatch3.1.0

ciscooptical_networking_systems_softwareMatch3.2

ciscooptical_networking_systems_softwareMatch3.3.0

ciscooptical_networking_systems_softwareMatch3.4.0

ciscooptical_networking_systems_softwareMatch4.0\(1\)

ciscooptical_networking_systems_softwareMatch4.0\(2\)

ciscooptical_networking_systems_softwareMatch4.0.0

ciscooptical_networking_systems_softwareMatch4.1\(0\)

ciscooptical_networking_systems_softwareMatch4.1\(1\)

ciscooptical_networking_systems_softwareMatch4.1\(2\)

ciscooptical_networking_systems_softwareMatch4.1\(3\)

ciscooptical_networking_systems_softwareMatch4.1.4

ciscooptical_networking_systems_softwareMatch4.6\(0\)

ciscooptical_networking_systems_softwareMatch4.6\(1\)

ciscoons_15310-cl_seriesMatch0

ciscoons_15600Match0

ciscoons_15454_mspp

VendorProductVersionCPE
ciscotransport_controller4.0.xcpe:2.3:a:cisco:transport_controller:4.0.x:*:*:*:*:*:*:*
ciscooptical_networking_systems_software1.0cpe:2.3:a:cisco:optical_networking_systems_software:1.0:*:*:*:*:*:*:*
ciscooptical_networking_systems_software1.1cpe:2.3:a:cisco:optical_networking_systems_software:1.1:*:*:*:*:*:*:*
ciscooptical_networking_systems_software1.1(0)cpe:2.3:a:cisco:optical_networking_systems_software:1.1\(0\):*:*:*:*:*:*:*
ciscooptical_networking_systems_software1.1(1)cpe:2.3:a:cisco:optical_networking_systems_software:1.1\(1\):*:*:*:*:*:*:*
ciscooptical_networking_systems_software1.3(0)cpe:2.3:a:cisco:optical_networking_systems_software:1.3\(0\):*:*:*:*:*:*:*
ciscooptical_networking_systems_software3.0cpe:2.3:a:cisco:optical_networking_systems_software:3.0:*:*:*:*:*:*:*
ciscooptical_networking_systems_software3.1.0cpe:2.3:a:cisco:optical_networking_systems_software:3.1.0:*:*:*:*:*:*:*
ciscooptical_networking_systems_software3.2cpe:2.3:a:cisco:optical_networking_systems_software:3.2:*:*:*:*:*:*:*
ciscooptical_networking_systems_software3.3.0cpe:2.3:a:cisco:optical_networking_systems_software:3.3.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	transport_controller	4.0.x	cpe:2.3:a:cisco:transport_controller:4.0.x:::::::*
cisco	optical_networking_systems_software	1.0	cpe:2.3:a:cisco:optical_networking_systems_software:1.0:::::::*
cisco	optical_networking_systems_software	1.1	cpe:2.3:a:cisco:optical_networking_systems_software:1.1:::::::*
cisco	optical_networking_systems_software	1.1(0)	cpe:2.3:a:cisco:optical_networking_systems_software:1.1\(0\):::::::*
cisco	optical_networking_systems_software	1.1(1)	cpe:2.3:a:cisco:optical_networking_systems_software:1.1\(1\):::::::*
cisco	optical_networking_systems_software	1.3(0)	cpe:2.3:a:cisco:optical_networking_systems_software:1.3\(0\):::::::*
cisco	optical_networking_systems_software	3.0	cpe:2.3:a:cisco:optical_networking_systems_software:3.0:::::::*
cisco	optical_networking_systems_software	3.1.0	cpe:2.3:a:cisco:optical_networking_systems_software:3.1.0:::::::*
cisco	optical_networking_systems_software	3.2	cpe:2.3:a:cisco:optical_networking_systems_software:3.2:::::::*
cisco	optical_networking_systems_software	3.3.0	cpe:2.3:a:cisco:optical_networking_systems_software:3.3.0:::::::*

Rows per page:

1-10 of 241

References

secunia.com/advisories/19553

securitytracker.com/id?1015871

www.cisco.com/warp/public/707/cisco-sa-20060405-ons.shtml

www.osvdb.org/24438

www.securityfocus.com/bid/17384

www.vupen.com/english/advisories/2006/1256

exchange.xforce.ibmcloud.com/vulnerabilities/25647

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.7

Confidence

High

EPSS

0.132

Percentile

95.6%

JSON

Related for NVD:CVE-2006-1672

cve1 prion1 cvelist1 cisco1