Intelligence Center » Browse All Vulnerabilities » CVE-2006-3595
Overview |
|
| Vulnerability Score |  7.5 |
| CVE Id | CVE-2006-3595 |
| Last Modified | 07 Mar 2011 09:39:02 |
| Published | 18 Jul 2006 11:37:00 |
| Confidentiality Impact |  PARTIAL |
| Integrity Impact | PARTIAL |
| Availability Impact | PARTIAL |
| Access Vector | NETWORK |
| Access Complexity | LOW |
| Authentication | NONE |
CVE-2006-3595
Summary
The default configuration of IOS HTTP server in Cisco Router Web Setup (CRWS) before 3.3.0 build 31 does not require credentials, which allows remote attackers to access the server with arbitrary privilege levels, aka bug CSCsa78190.
Vulnerable Systems
Application
Cisco Router Web Setup 3.3.0 Build 30
References
CERT-VN - VU#205225
CISCO - 20060712 Cisco Router Web Setup Ships with Insecure Default IOS Configuration
XF - cisco-crws-command-execution(27688)
VUPEN - ADV-2006-2773
BID - 18953
SECUNIA - 21028
OSVDB - 27159
SECTRACK - 1016476
IT Risk Posture:
Free Risk Assessment Tools
Application Scanner
Find vulnerabilities on your network.
Device Scanner
Find vulnerabilities on your network.
Patch Scanner
Find vulnerabilities on your network.
Last Updated: 27 May 2016 10:43:04
