CVE-2006-3291 - The web interface on Cisco IOS 12.3(8)JA and 12.3(8)JA1, as used on the Cisco Wireless Access Point

CVE-2006-3291

Summary

The web interface on Cisco IOS 12.3(8)JA and 12.3(8)JA1, as used on the Cisco Wireless Access Point and Wireless Bridge, reconfigures itself when it is changed to use the "Local User List Only (Individual Passwords)" setting, which removes all security and password configurations and allows remote attackers to access the system.

References

Vulnerable Configurations

cpe:2.3:o:cisco:ios:12.3\(8\)ja:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ios:12.3\(8\)ja:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ios:12.3\(8\)ja1:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ios:12.3\(8\)ja1:*:*:*:*:*:*:*

CVSS

Base:	9.3 (as of 20-07-2017 - 01:32)
Impact:
Exploitability:

CWE

CWE-16

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:M/Au:N/C:C/I:C/A:C

refmap via4

bid	18704
cert-vn	VU#544484
cisco	20060628 Access Point Web-browser Interface Vulnerability
osvdb	26878
sectrack	1016399
secunia	20860
vupen	ADV-2006-2584
xf	cisco-ap-browser-unauth-access(27437)

Last major update

20-07-2017 - 01:32

Published

28-06-2006 - 23:05

Last modified

20-07-2017 - 01:32