CVE-2006-3291
Severity CVSS v4.0:
Pending analysis
Type:
CWE-16
Configuration Errors
Publication date:
28/06/2006
Last modified:
03/04/2025
Description
The web interface on Cisco IOS 12.3(8)JA and 12.3(8)JA1, as used on the Cisco Wireless Access Point and Wireless Bridge, reconfigures itself when it is changed to use the "Local User List Only (Individual Passwords)" setting, which removes all security and password configurations and allows remote attackers to access the system.
Impact
Base Score 2.0
9.30
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:cisco:ios:12.3\(8\)ja:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:ios:12.3\(8\)ja1:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://secunia.com/advisories/20860
- http://securitytracker.com/id?1016399=
- http://www.cisco.com/warp/public/707/cisco-sa-20060628-ap.shtml
- http://www.kb.cert.org/vuls/id/544484
- http://www.osvdb.org/26878
- http://www.securityfocus.com/bid/18704
- http://www.vupen.com/english/advisories/2006/2584
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27437
- http://secunia.com/advisories/20860
- http://securitytracker.com/id?1016399=
- http://www.cisco.com/warp/public/707/cisco-sa-20060628-ap.shtml
- http://www.kb.cert.org/vuls/id/544484
- http://www.osvdb.org/26878
- http://www.securityfocus.com/bid/18704
- http://www.vupen.com/english/advisories/2006/2584
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27437