CVE-2006-3595

Published Jul 18, 2006

Last updated 7 years ago

Overview

Description: The default configuration of IOS HTTP server in Cisco Router Web Setup (CRWS) before 3.3.0 build 31 does not require credentials, which allows remote attackers to access the server with arbitrary privilege levels, aka bug CSCsa78190.
Source: cve@mitre.org
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cisco:router_web_setup:3.3.0_build_30:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7587F6EB-2495-4D9C-A0EF-5CE2858F464C"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

https://nvd.nist.gov/vuln/detail/CVE-2006-3595
http://secunia.com/advisories/21028
http://securitytracker.com/id?1016476
http://www.cisco.com/warp/public/707/cisco-sa-20060712-crws.shtml
http://www.kb.cert.org/vuls/id/205225
http://www.osvdb.org/27159
http://www.securityfocus.com/bid/18953
http://www.vupen.com/english/advisories/2006/2773
https://exchange.xforce.ibmcloud.com/vulnerabilities/27688
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5826

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References