Vulnerabilities > CVE-2006-3595 - Authentication Bypass vulnerability in Cisco Router web Setup 3.3.0Build30

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
cisco

Summary

The default configuration of IOS HTTP server in Cisco Router Web Setup (CRWS) before 3.3.0 build 31 does not require credentials, which allows remote attackers to access the server with arbitrary privilege levels, aka bug CSCsa78190.

Vulnerable Configurations

Part Description Count
Application
Cisco
1

Oval

accepted2008-09-08T04:00:48.880-04:00
classvulnerability
contributors
nameYuzheng Zhou
organizationHewlett-Packard
descriptionThe default configuration of IOS HTTP server in Cisco Router Web Setup (CRWS) before 3.3.0 build 31 does not require credentials, which allows remote attackers to access the server with arbitrary privilege levels, aka bug CSCsa78190.
familyios
idoval:org.mitre.oval:def:5826
statusaccepted
submitted2008-05-26T11:06:36.000-04:00
titleCisco Multiple Router Products Web Setup Configuration Error Vulnerability
version2