Vulnerability Description
The internal database in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) uses an undocumented, hard-coded username and password, which allows remote authenticated users to read, and possibly modify, sensitive configuration data (aka bugs CSCsd15955).
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Wireless Control System | <= 3.2\(40\) |
References
- http://secunia.com/advisories/20870
- http://securitytracker.com/id?1016398
- http://www.cisco.com/warp/public/707/cisco-sa-20060628-wcs.shtmlPatch
- http://www.osvdb.org/26884
- http://www.securityfocus.com/bid/18701
- http://www.vupen.com/english/advisories/2006/2583
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27438
- http://secunia.com/advisories/20870
- http://securitytracker.com/id?1016398
- http://www.cisco.com/warp/public/707/cisco-sa-20060628-wcs.shtmlPatch
- http://www.osvdb.org/26884
- http://www.securityfocus.com/bid/18701
- http://www.vupen.com/english/advisories/2006/2583
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27438
FAQ
What is CVE-2006-3285?
CVE-2006-3285 is a vulnerability with a CVSS score of 7.5 (HIGH). The internal database in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) uses an undocumented, hard-coded username and password, which allows remote authenticated users to rea...
How severe is CVE-2006-3285?
CVE-2006-3285 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-3285?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Wireless Control System.