CVE-2006-3291

high

Description

The web interface on Cisco IOS 12.3(8)JA and 12.3(8)JA1, as used on the Cisco Wireless Access Point and Wireless Bridge, reconfigures itself when it is changed to use the "Local User List Only (Individual Passwords)" setting, which removes all security and password configurations and allows remote attackers to access the system.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/27437

http://www.vupen.com/english/advisories/2006/2584

http://www.securityfocus.com/bid/18704

http://www.osvdb.org/26878

http://www.kb.cert.org/vuls/id/544484

http://www.cisco.com/warp/public/707/cisco-sa-20060628-ap.shtml

http://securitytracker.com/id?1016399

http://secunia.com/advisories/20860

Details

Source: Mitre, NVD

Published: 2006-06-28

Updated: 2017-07-20

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High