// For flags

CVE-2006-3291

 

Severity Score

9.3
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The web interface on Cisco IOS 12.3(8)JA and 12.3(8)JA1, as used on the Cisco Wireless Access Point and Wireless Bridge, reconfigures itself when it is changed to use the "Local User List Only (Individual Passwords)" setting, which removes all security and password configurations and allows remote attackers to access the system.

El interfaz web de Cisco IOS 12.3(8)JA y 12.3(8)JA1, tal como es utilizado en Cisco Wireless Access Point y Wireless Bridge, se reconfigura cuando se activa la opción de configuración "Local User List Only (Individual Passwords)", lo que elmina toda las configuraciones de seguridad y contraseñas y permite a atacantes remotos acceder al sistema.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2006-06-28 CVE Reserved
  • 2006-06-28 CVE Published
  • 2023-11-21 EPSS Updated
  • 2024-08-07 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-16: Configuration
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Cisco
Search vendor "Cisco"
 Ios
Search vendor "Cisco" for product "Ios"
 12.3\(8\)ja
Search vendor "Cisco" for product "Ios" and version "12.3\(8\)ja"
-
Affected
Cisco
Search vendor "Cisco"
 Ios
Search vendor "Cisco" for product "Ios"
 12.3\(8\)ja1
Search vendor "Cisco" for product "Ios" and version "12.3\(8\)ja1"
-
Affected