CVE-2006-3290

CWE-200 — Information Exposure CWE-79 — Cross-site Scripting (XSS)4 documents4 sources

Severity

5.0MEDIUM

EPSS

0.5%

top 32.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Wireless Control System

Timeline

PublishedJun 28

Latest updateMay 1

Description

HTTP server in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames and directory paths via a direct URL request.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDcisco/wireless_control_system3.2\(51\)

Patches

Patch: www.cisco.com ↗Patch: www.cisco.com ↗

🔴Vulnerability Details

GHSA

GHSA-3rjp-6929-2mrw: HTTP server in Cisco Wireless Control System (WCS) for Linux and Windows before 3↗2022-05-01

▶

CVEList

CVE-2006-3290: HTTP server in Cisco Wireless Control System (WCS) for Linux and Windows before 3↗2006-06-28

▶

📋Vendor Advisories

Cisco

Multiple Vulnerabilities in Wireless Control System↗2006-06-28

▶