Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-3595

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2006-3595
Last Modified 07 Mar 2011 09:39:02
Published 18 Jul 2006 11:37:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-3595

Summary

The default configuration of IOS HTTP server in Cisco Router Web Setup (CRWS) before 3.3.0 build 31 does not require credentials, which allows remote attackers to access the server with arbitrary privilege levels, aka bug CSCsa78190.

Vulnerable Systems

Application

  • Cisco Router Web Setup 3.3.0 Build 30


References

CERT-VN - VU#205225

CISCO - 20060712 Cisco Router Web Setup Ships with Insecure Default IOS Configuration

XF - cisco-crws-command-execution(27688)

VUPEN - ADV-2006-2773

BID - 18953

SECUNIA - 21028

OSVDB - 27159

SECTRACK - 1016476


Last Updated: 27 May 2016 10:43:04