Vulnerability Description
The default configuration of IOS HTTP server in Cisco Router Web Setup (CRWS) before 3.3.0 build 31 does not require credentials, which allows remote attackers to access the server with arbitrary privilege levels, aka bug CSCsa78190.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Router Web Setup | 3.3.0_build_30 |
References
- http://secunia.com/advisories/21028Vendor Advisory
- http://securitytracker.com/id?1016476
- http://www.cisco.com/warp/public/707/cisco-sa-20060712-crws.shtmlPatch
- http://www.kb.cert.org/vuls/id/205225US Government Resource
- http://www.osvdb.org/27159
- http://www.securityfocus.com/bid/18953
- http://www.vupen.com/english/advisories/2006/2773
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27688
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://secunia.com/advisories/21028Vendor Advisory
- http://securitytracker.com/id?1016476
- http://www.cisco.com/warp/public/707/cisco-sa-20060712-crws.shtmlPatch
- http://www.kb.cert.org/vuls/id/205225US Government Resource
- http://www.osvdb.org/27159
- http://www.securityfocus.com/bid/18953
FAQ
What is CVE-2006-3595?
CVE-2006-3595 is a vulnerability with a CVSS score of 7.5 (HIGH). The default configuration of IOS HTTP server in Cisco Router Web Setup (CRWS) before 3.3.0 build 31 does not require credentials, which allows remote attackers to access the server with arbitrary priv...
How severe is CVE-2006-3595?
CVE-2006-3595 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-3595?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Router Web Setup.