CVE-2006-3595

Опубликовано: 18 июл. 2006

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

The default configuration of IOS HTTP server in Cisco Router Web Setup (CRWS) before 3.3.0 build 31 does not require credentials, which allows remote attackers to access the server with arbitrary privilege levels, aka bug CSCsa78190.

Ссылки

http://secunia.com/advisories/21028
Vendor Advisory
http://securitytracker.com/id?1016476
http://www.cisco.com/warp/public/707/cisco-sa-20060712-crws.shtml
Patch
http://www.kb.cert.org/vuls/id/205225
US Government Resource
http://www.osvdb.org/27159
http://www.securityfocus.com/bid/18953
http://www.vupen.com/english/advisories/2006/2773
https://exchange.xforce.ibmcloud.com/vulnerabilities/27688
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5826
http://secunia.com/advisories/21028
Vendor Advisory
http://securitytracker.com/id?1016476
http://www.cisco.com/warp/public/707/cisco-sa-20060712-crws.shtml
Patch
http://www.kb.cert.org/vuls/id/205225
US Government Resource
http://www.osvdb.org/27159
http://www.securityfocus.com/bid/18953
http://www.vupen.com/english/advisories/2006/2773
https://exchange.xforce.ibmcloud.com/vulnerabilities/27688
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5826

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:cisco:router_web_setup:3.3.0_build_30:*:*:*:*:*:*:*

EPSS

Процентиль: 83%

0.01992

Низкий

7.5 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-63x6-9wjm-8hc2

github

почти 4 года назад