Details of VAR-200610-0314

ID

VAR-200610-0314

CVE

CVE-2006-5288

TITLE

Cisco 2700 Series Wireless Location Appliances Vulnerabilities in which administrator privileges are obtained

Trust: 0.8

sources: JVNDB: JVNDB-2006-001388

DESCRIPTION

Cisco 2700 Series Wireless Location Appliances before 2.1.34.0 have a default administrator username "root" and password "password," which allows remote attackers to obtain administrative privileges, aka Bug ID CSCsb92893. An attacker may use prior knowledge to log into the device to gain access to the device's administrative section. This could aid in further attacks. Cisco 2700 Series Wireless Location Appliance versions prior to 2.1.34.0 are vulnerable

Trust: 1.98

sources: NVD: CVE-2006-5288 // JVNDB: JVNDB-2006-001388 // BID: 20490 // VULHUB: VHN-21396

AFFECTED PRODUCTS

vendor:	cisco	model:	2700 wireless location appliance	scope:	eq	version:	1.1.73.0	Trust: 1.6
vendor:	cisco	model:	2700 wireless location appliance	scope:	lt	version:	2.1.34.0	Trust: 0.8
vendor:	cisco	model:	series wireless location appliance	scope:	eq	version:	27002.1.33.0	Trust: 0.3
vendor:	cisco	model:	series wireless location appliance	scope:	ne	version:	27002.1.34.0	Trust: 0.3

sources: BID: 20490 // JVNDB: JVNDB-2006-001388 // CNNVD: CNNVD-200610-206 // NVD: CVE-2006-5288

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2006-5288
value:	HIGH
Trust: 1.0
NVD:	CVE-2006-5288
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200610-206
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-21396
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2006-5288
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-21396
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-21396 // JVNDB: JVNDB-2006-001388 // CNNVD: CNNVD-200610-206 // NVD: CVE-2006-5288

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-5288

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200610-206

TYPE

access verification error

Trust: 0.6

sources: CNNVD: CNNVD-200610-206

CONFIGURATIONS

sources: JVNDB: JVNDB-2006-001388

PATCH

title:

cisco-sa-20061012-wla

url:

http://www.cisco.com/en/US/products/csa/cisco-sa-20061012-wla.html

Trust: 0.8

sources: JVNDB: JVNDB-2006-001388

EXTERNAL IDS

db:	NVD	id:	CVE-2006-5288	Trust: 2.5
db:	BID	id:	20490	Trust: 2.0
db:	OSVDB	id:	30913	Trust: 1.7
db:	SECTRACK	id:	1017056	Trust: 1.7
db:	JVNDB	id:	JVNDB-2006-001388	Trust: 0.8
db:	CNNVD	id:	CNNVD-200610-206	Trust: 0.7
db:	XF	id:	29497	Trust: 0.6
db:	CISCO	id:	20061012 DEFAULT PASSWORD IN WIRELESS LOCATION APPLIANCE	Trust: 0.6
db:	VULHUB	id:	VHN-21396	Trust: 0.1

sources: VULHUB: VHN-21396 // BID: 20490 // JVNDB: JVNDB-2006-001388 // CNNVD: CNNVD-200610-206 // NVD: CVE-2006-5288

REFERENCES

url:	http://www.securityfocus.com/bid/20490	Trust: 1.7
url:	http://www.cisco.com/en/us/products/products_security_advisory09186a0080758bae.shtml	Trust: 1.7
url:	http://www.osvdb.org/30913	Trust: 1.7
url:	http://securitytracker.com/id?1017056	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/29497	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-5288	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-5288	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/29497	Trust: 0.6
url:	http://www.cisco.com/warp/public/707/cisco-sa-20061012-wla.shtml	Trust: 0.3
url:	http://www.cisco.com/en/us/products/hw/wireless/	Trust: 0.3

sources: VULHUB: VHN-21396 // BID: 20490 // JVNDB: JVNDB-2006-001388 // CNNVD: CNNVD-200610-206 // NVD: CVE-2006-5288

CREDITS

Cisco Security bulletin

Trust: 0.6

sources: CNNVD: CNNVD-200610-206

SOURCES

db:	VULHUB	id:	VHN-21396
db:	BID	id:	20490
db:	JVNDB	id:	JVNDB-2006-001388
db:	CNNVD	id:	CNNVD-200610-206
db:	NVD	id:	CVE-2006-5288

LAST UPDATE DATE

2024-08-14T14:35:29.944000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-21396	date:	2017-07-20T00:00:00
db:	BID	id:	20490	date:	2006-10-13T17:39:00
db:	JVNDB	id:	JVNDB-2006-001388	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200610-206	date:	2006-10-16T00:00:00
db:	NVD	id:	CVE-2006-5288	date:	2017-07-20T01:33:39.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-21396	date:	2006-10-13T00:00:00
db:	BID	id:	20490	date:	2006-10-12T00:00:00
db:	JVNDB	id:	JVNDB-2006-001388	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200610-206	date:	2006-10-13T00:00:00
db:	NVD	id:	CVE-2006-5288	date:	2006-10-13T20:07:00