ID CVE-2006-3595
Summary The default configuration of IOS HTTP server in Cisco Router Web Setup (CRWS) before 3.3.0 build 31 does not require credentials, which allows remote attackers to access the server with arbitrary privilege levels, aka bug CSCsa78190.
References
Vulnerable Configurations
  • Cisco Router Web Setup 3.3.0 build 30
    cpe:2.3:a:cisco:router_web_setup:3.3.0_build_30
CVSS
Base: 7.5 (as of 18-07-2006 - 16:59)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
oval via4
accepted 2008-09-08T04:00:48.880-04:00
class vulnerability
contributors
name Yuzheng Zhou
organization Hewlett-Packard
description The default configuration of IOS HTTP server in Cisco Router Web Setup (CRWS) before 3.3.0 build 31 does not require credentials, which allows remote attackers to access the server with arbitrary privilege levels, aka bug CSCsa78190.
family ios
id oval:org.mitre.oval:def:5826
status accepted
submitted 2008-05-26T11:06:36.000-04:00
title Cisco Multiple Router Products Web Setup Configuration Error Vulnerability
version 2
refmap via4
bid 18953
cert-vn VU#205225
cisco 20060712 Cisco Router Web Setup Ships with Insecure Default IOS Configuration
osvdb 27159
sectrack 1016476
secunia 21028
vupen ADV-2006-2773
xf cisco-crws-command-execution(27688)
Last major update 07-03-2011 - 21:39
Published 18-07-2006 - 11:37
Last modified 10-10-2017 - 21:31
Back to Top