Vulnerability Description
Cisco CiscoWorks Wireless LAN Solution Engine (WLSE) and WLSE Express before 2.13, Hosting Solution Engine (HSE) and User Registration Tool (URT) before 20060419, and all versions of Ethernet Subscriber Solution Engine (ESSE) and CiscoWorks2000 Service Management Solution (SMS) allow local users to gain Linux shell access via shell metacharacters in arguments to the "show" command in the application's command line interface (CLI), aka bug ID CSCsd21502 (WLSE), CSCsd22861 (URT), and CSCsd22859 (HSE). NOTE: other issues might be addressed by the Cisco advisory.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | User Registration Tool | All versions |
| Cisco | Wireless LAN Solution Engine | 2.0 |
| Cisco | CiscoWorks2000 Service Management Solution | All versions |
| Cisco | Hosting Solution Engine | 1.7 |
| Cisco | Ethernet Subscriber Solution Engine | All versions |
References
- http://secunia.com/advisories/19736 (Patch, Vendor Advisory)
- http://secunia.com/advisories/19739
- http://secunia.com/advisories/19741
- http://securitytracker.com/id?1015965 (Patch)
- http://www.assurance.com.au/advisories/200604-cisco.txt
- http://www.cisco.com/warp/public/707/cisco-sa-20060419-wlse.shtml (Patch)
- http://www.cisco.com/warp/public/707/cisco-sr-20060419-priv.shtml (Patch)
- http://www.osvdb.org/24813
- http://www.securityfocus.com/archive/1/431367/30/5490/threaded
- http://www.securityfocus.com/archive/1/431371/30/5490/threaded
- http://www.securityfocus.com/bid/17609
- http://www.vupen.com/english/advisories/2006/1434
- http://www.vupen.com/english/advisories/2006/1435
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25884
FAQ
What is CVE-2006-1961?
CVE-2006-1961 is a vulnerability with a CVSS score of 7.5 (HIGH). Cisco CiscoWorks Wireless LAN Solution Engine (WLSE) and WLSE Express before 2.13, Hosting Solution Engine (HSE) and User Registration Tool (URT) before 20060419, and all versions of Ethernet Subscrib...
How severe is CVE-2006-1961?
CVE-2006-1961 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-1961?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco User Registration Tool, Cisco Wireless LAN Solution Engine, Cisco CiscoWorks2000 Service Management Solution, Cisco Hosting Solution Engine, Cisco Ethernet Subscriber Solution Engine.