CVE-2006-3290
Severity Score
5.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
HTTP server in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames and directory paths via a direct URL request.
El servidor HTTP de Cisco Wireless Control System (WCS) para Linux y Windows en sus versiones anteriores a la v3.2(51) almacena información confidencial bajo el directorio raiz web con insuficiente control de acceso, lo que permite a atacantes remotos obtener nombres de usuario y rutas de directorios a través de peticiones directas de URL.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2006-06-28 CVE Reserved
- 2006-06-28 CVE Published
- 2024-08-07 CVE Updated
- 2024-10-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| http://secunia.com/advisories/20870 | Third Party Advisory | |
| http://securitytracker.com/id?1016398 | Vdb Entry | |
| http://www.osvdb.org/26879 | Vdb Entry | |
| http://www.securityfocus.com/bid/18701 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2006/2583 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/27442 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.cisco.com/warp/public/707/cisco-sa-20060628-wcs.shtml | 2017-07-20 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Wireless Control System Search vendor "Cisco" for product "Wireless Control System" | <= 3.2\(51\) Search vendor "Cisco" for product "Wireless Control System" and version " <= 3.2\(51\)" | - |
Affected
| ||||||