Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.5
CVE Id CVE-2006-1961
Last Modified 07 Mar 2011 09:34:42
Published 21 Apr 2006 06:02:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-1961

Summary

Cisco CiscoWorks Wireless LAN Solution Engine (WLSE) and WLSE Express before 2.13, Hosting Solution Engine (HSE) and User Registration Tool (URT) before 20060419, and all versions of Ethernet Subscriber Solution Engine (ESSE) and CiscoWorks2000 Service Management Solution (SMS) allow local users to gain Linux shell access via shell metacharacters in arguments to the "show" command in the application's command line interface (CLI), aka bug ID CSCsd21502 (WLSE), CSCsd22861 (URT), and CSCsd22859 (HSE). NOTE: other issues might be addressed by the Cisco advisory.

Vulnerable Systems

Operating System

  • Cisco Ethernet Subscriber Solution Engine

Application

  • Cisco User Registration Tool

  • Cisco Wireless LAN Solution Engine 2.0

  • Cisco Wireless LAN Solution Engine 2.1

  • Cisco Wireless LAN Solution Engine 2.10

  • Cisco Wireless LAN Solution Engine 2.11

  • Cisco Wireless LAN Solution Engine 2.12

  • Cisco Wireless LAN Solution Engine 2.13

  • Cisco Wireless LAN Solution Engine 2.2

  • Cisco Wireless LAN Solution Engine 2.3

  • Cisco Wireless LAN Solution Engine 2.4

  • Cisco Wireless LAN Solution Engine 2.5

  • Cisco Wireless LAN Solution Engine 2.6

  • Cisco Wireless LAN Solution Engine 2.7

  • Cisco Wireless LAN Solution Engine 2.8

  • Cisco Wireless LAN Solution Engine 2.9

  • CiscoWorks2000 Service Management Solution


References

CISCO - 20060419 Response to Privilege Escalation on Multiple Cisco Products

CISCO - 20060419 Multiple Vulnerabilities in the WLSE Appliance

SECTRACK - 1015965

SECUNIA - 19736

XF - cisco-wlse-shell-privilege-escalation(25884)

VUPEN - ADV-2006-1435

VUPEN - ADV-2006-1434

BID - 17609

BUGTRAQ - 20060419 Multiple vulnerabilities in Linux based Cisco products

BUGTRAQ - 20060419 Re: Multiple vulnerabilities in Linux based Cisco products

OSVDB - 24813

MISC - http://www.assurance.com.au/advisories/200604-cisco.txt

SECUNIA - 19741

SECUNIA - 19739


Last Updated: 27 May 2016 10:42:16