Vulnerabilities > CVE-2006-3595 - Authentication Bypass vulnerability in Cisco Router web Setup 3.3.0Build30
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
The default configuration of IOS HTTP server in Cisco Router Web Setup (CRWS) before 3.3.0 build 31 does not require credentials, which allows remote attackers to access the server with arbitrary privilege levels, aka bug CSCsa78190.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Oval
accepted | 2008-09-08T04:00:48.880-04:00 | ||||
class | vulnerability | ||||
contributors |
| ||||
description | The default configuration of IOS HTTP server in Cisco Router Web Setup (CRWS) before 3.3.0 build 31 does not require credentials, which allows remote attackers to access the server with arbitrary privilege levels, aka bug CSCsa78190. | ||||
family | ios | ||||
id | oval:org.mitre.oval:def:5826 | ||||
status | accepted | ||||
submitted | 2008-05-26T11:06:36.000-04:00 | ||||
title | Cisco Multiple Router Products Web Setup Configuration Error Vulnerability | ||||
version | 2 |
References
- http://secunia.com/advisories/21028
- http://securitytracker.com/id?1016476
- http://www.cisco.com/warp/public/707/cisco-sa-20060712-crws.shtml
- http://www.kb.cert.org/vuls/id/205225
- http://www.osvdb.org/27159
- http://www.securityfocus.com/bid/18953
- http://www.vupen.com/english/advisories/2006/2773
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27688
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5826