Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-3291

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2006-3291
Last Modified 07 Mar 2011 09:38:17
Published 28 Jun 2006 07:05:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2006-3291

Summary

The web interface on Cisco IOS 12.3(8)JA and 12.3(8)JA1, as used on the Cisco Wireless Access Point and Wireless Bridge, reconfigures itself when it is changed to use the "Local User List Only (Individual Passwords)" setting, which removes all security and password configurations and allows remote attackers to access the system.

Vulnerable Systems

Operating System

  • Cisco Ios 12.3%288%29ja

  • Cisco Ios 12.3%288%29ja1


References

CERT-VN - VU#544484

CISCO - 20060628 Access Point Web-browser Interface Vulnerability

XF - cisco-ap-browser-unauth-access(27437)

VUPEN - ADV-2006-2584

BID - 18704

OSVDB - 26878

SECTRACK - 1016399

SECUNIA - 20860


Last Updated: 27 May 2016 10:42:57