Details of VAR-200606-0251

ID

VAR-200606-0251

CVE

CVE-2006-3291

TITLE

Cisco Access Point Web Browser Interface contains a vulnerability

Trust: 0.8

sources: CERT/CC: VU#544484

DESCRIPTION

The web interface on Cisco IOS 12.3(8)JA and 12.3(8)JA1, as used on the Cisco Wireless Access Point and Wireless Bridge, reconfigures itself when it is changed to use the "Local User List Only (Individual Passwords)" setting, which removes all security and password configurations and allows remote attackers to access the system. This may permit an attacker to bypass the authentication mechanism and gain access to the web interface. Remote attackers may use this loophole to obtain unauthorized access. ---------------------------------------------------------------------- Reverse Engineer Wanted Secunia offers a Security Specialist position with emphasis on reverse engineering of software and exploit code, auditing of source code, and analysis of vulnerability reports. Successful exploitation requires that the web management interface is enabled. http://www.cisco.com/public/sw-center/sw-usingswc.shtml PROVIDED AND/OR DISCOVERED BY: Reported by vendor. ORIGINAL ADVISORY: Cisco: http://www.cisco.com/warp/public/707/cisco-sa-20060628-ap.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.79

sources: NVD: CVE-2006-3291 // CERT/CC: VU#544484 // JVNDB: JVNDB-2006-000359 // BID: 18704 // VULHUB: VHN-19399 // PACKETSTORM: 47887

AFFECTED PRODUCTS

vendor:	cisco	model:	ios	scope:	eq	version:	12.3\(8\)ja	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	12.3\(8\)ja1	Trust: 1.6
vendor:	cisco	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ios	scope:	eq	version:	12.3	Trust: 0.8
vendor:	cisco	model:	wireless mobile interface card series	scope:	eq	version:	3200	Trust: 0.3
vendor:	cisco	model:	wireless bridge	scope:	eq	version:	350	Trust: 0.3
vendor:	cisco	model:	wireless bridge	scope:	eq	version:	1310	Trust: 0.3
vendor:	cisco	model:	wireless access point	scope:	eq	version:	350	Trust: 0.3
vendor:	cisco	model:	wireless access point	scope:	eq	version:	1410	Trust: 0.3
vendor:	cisco	model:	wireless access point	scope:	eq	version:	1240	Trust: 0.3
vendor:	cisco	model:	wireless access point	scope:	eq	version:	1200	Trust: 0.3
vendor:	cisco	model:	wireless access point	scope:	eq	version:	1130	Trust: 0.3
vendor:	cisco	model:	wireless access point	scope:	eq	version:	1100	Trust: 0.3
vendor:	cisco	model:	ios 12.3 jk	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3 ja1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3 ja	scope:	-	version:	-	Trust: 0.3

sources: CERT/CC: VU#544484 // BID: 18704 // JVNDB: JVNDB-2006-000359 // CNNVD: CNNVD-200606-575 // NVD: CVE-2006-3291

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2006-3291
value:	HIGH
Trust: 1.0
NVD:	CVE-2006-3291
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200606-575
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-19399
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2006-3291
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	CVE-2006-3291
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-19399
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-19399 // JVNDB: JVNDB-2006-000359 // CNNVD: CNNVD-200606-575 // NVD: CVE-2006-3291

PROBLEMTYPE DATA

problemtype:

CWE-16

Trust: 1.9

sources: VULHUB: VHN-19399 // JVNDB: JVNDB-2006-000359 // NVD: CVE-2006-3291

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200606-575

TYPE

configuration error

Trust: 0.6

sources: CNNVD: CNNVD-200606-575

CONFIGURATIONS

sources: JVNDB: JVNDB-2006-000359

PATCH

title:	cisco-sa-20060628-ap	url:	http://www.cisco.com/warp/public/707/cisco-sa-20060628-ap.shtml	Trust: 0.8
title:	cisco-sa-20060628-ap	url:	http://www.cisco.com/japanese/warp/public/3/jp/service/tac/707/cisco-sa-20060628-ap-j.shtml	Trust: 0.8

sources: JVNDB: JVNDB-2006-000359

EXTERNAL IDS

db:	CERT/CC	id:	VU#544484	Trust: 3.3
db:	BID	id:	18704	Trust: 2.8
db:	SECUNIA	id:	20860	Trust: 2.6
db:	NVD	id:	CVE-2006-3291	Trust: 2.5
db:	OSVDB	id:	26878	Trust: 1.7
db:	SECTRACK	id:	1016399	Trust: 1.7
db:	VUPEN	id:	ADV-2006-2584	Trust: 1.7
db:	JVNDB	id:	JVNDB-2006-000359	Trust: 0.8
db:	CNNVD	id:	CNNVD-200606-575	Trust: 0.7
db:	XF	id:	27437	Trust: 0.6
db:	CISCO	id:	20060628 ACCESS POINT WEB-BROWSER INTERFACE VULNERABILITY	Trust: 0.6
db:	VULHUB	id:	VHN-19399	Trust: 0.1
db:	PACKETSTORM	id:	47887	Trust: 0.1

sources: CERT/CC: VU#544484 // VULHUB: VHN-19399 // BID: 18704 // JVNDB: JVNDB-2006-000359 // PACKETSTORM: 47887 // CNNVD: CNNVD-200606-575 // NVD: CVE-2006-3291

REFERENCES

url:	http://www.securityfocus.com/bid/18704	Trust: 2.5
url:	http://www.kb.cert.org/vuls/id/544484	Trust: 2.5
url:	http://www.cisco.com/warp/public/707/cisco-sa-20060628-ap.shtml	Trust: 2.1
url:	http://www.osvdb.org/26878	Trust: 1.7
url:	http://securitytracker.com/id?1016399	Trust: 1.7
url:	http://secunia.com/advisories/20860	Trust: 1.7
url:	http://www.frsirt.com/english/advisories/2006/2584	Trust: 1.4
url:	http://www.vupen.com/english/advisories/2006/2584	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/27437	Trust: 1.1
url:	http://secunia.com/advisories/20860/	Trust: 0.9
url:	about vulnerability notes	Trust: 0.8
url:	contact us about this vulnerability	Trust: 0.8
url:	provide a vendor statement	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3291	Trust: 0.8
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2006-3291	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/27437	Trust: 0.6
url:	http://www.cisco.com/en/us/products/sw/voicesw/ps4625/index.html	Trust: 0.3
url:	/archive/1/438643	Trust: 0.3
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/product/6794/	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1
url:	http://secunia.com/product/6037/	Trust: 0.1
url:	http://secunia.com/product/1930/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/secunia_security_specialist/	Trust: 0.1
url:	http://secunia.com/product/5114/	Trust: 0.1
url:	http://www.cisco.com/public/sw-center/sw-usingswc.shtml	Trust: 0.1
url:	http://secunia.com/product/6034/	Trust: 0.1
url:	http://secunia.com/product/1929/	Trust: 0.1
url:	http://secunia.com/product/1928/	Trust: 0.1

sources: CERT/CC: VU#544484 // VULHUB: VHN-19399 // BID: 18704 // JVNDB: JVNDB-2006-000359 // PACKETSTORM: 47887 // CNNVD: CNNVD-200606-575 // NVD: CVE-2006-3291

CREDITS

Cisco Security bulletin

Trust: 0.6

sources: CNNVD: CNNVD-200606-575

SOURCES

db:	CERT/CC	id:	VU#544484
db:	VULHUB	id:	VHN-19399
db:	BID	id:	18704
db:	JVNDB	id:	JVNDB-2006-000359
db:	PACKETSTORM	id:	47887
db:	CNNVD	id:	CNNVD-200606-575
db:	NVD	id:	CVE-2006-3291

LAST UPDATE DATE

2024-08-14T14:29:12.572000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#544484	date:	2006-07-04T00:00:00
db:	VULHUB	id:	VHN-19399	date:	2017-07-20T00:00:00
db:	BID	id:	18704	date:	2006-09-21T19:56:00
db:	JVNDB	id:	JVNDB-2006-000359	date:	2007-04-01T00:00:00
db:	CNNVD	id:	CNNVD-200606-575	date:	2006-06-30T00:00:00
db:	NVD	id:	CVE-2006-3291	date:	2017-07-20T01:32:12.490

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#544484	date:	2006-06-29T00:00:00
db:	VULHUB	id:	VHN-19399	date:	2006-06-28T00:00:00
db:	BID	id:	18704	date:	2006-06-28T00:00:00
db:	JVNDB	id:	JVNDB-2006-000359	date:	2007-04-01T00:00:00
db:	PACKETSTORM	id:	47887	date:	2006-06-29T18:48:34
db:	CNNVD	id:	CNNVD-200606-575	date:	2006-06-28T00:00:00
db:	NVD	id:	CVE-2006-3291	date:	2006-06-28T23:05:00