CVE-2006-3291: Cisco IOS vulnerability

CWE-16 | 4 documents | 4 sources
Severity: 9.3 CRITICAL (NVD)
EPSS: 1.1% (top 21.55%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Jun 28
Latest update: May 1

Description

The web interface on Cisco IOS 12.3(8)JA and 12.3(8)JA1, as used on the Cisco Wireless Access Point and Wireless Bridge, reconfigures itself when it is changed to use the "Local User List Only (Individual Passwords)" setting, which removes all security and password configurations and allows remote attackers to access the system.

CVSS vector

AV:N/AC:M/C:C/I:C/A:C
Exploitability: 8.6 | Impact: 10.0

Affected Packages (1 package)

NVD | cisco/ios | 12.3\(8\)ja, 12.3\(8\)ja1 +1

Patches

🔴 Vulnerability Details (2)

GHSA | GHSA-3j47-5x58-8672: The web interface on Cisco IOS 12 | 2022-05-01
CVEList | CVE-2006-3291: The web interface on Cisco IOS 12 | 2006-06-28

📋 Vendor Advisories (1)

Cisco | Access Point Web-browser Interface Vulnerability | 2006-06-28