VDB
CVE-2006-3595
CVE-2006-3595
PUBLISHED
CVSS 7.5 HIGH
The default configuration of IOS HTTP server in Cisco Router Web Setup (CRWS) before 3.3.0 build 31 does not require credentials, which allows remote attackers to access the server with arbitrary privilege levels, aka bug CSCsa78190.
EPSS 1.99% · 84.0th percentile
Risk Scores
CVSS 2.0
7.5
EPSS Score
1.99%
84.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| cisco | router_web_setup | * |
Exploit Intelligence
- VU#205225 (circl)
- 1016476 (circl)
- cisco-crws-command-execution(27688) (circl)
- 18953 (circl)
- 27159 (circl)
- 21028 (circl)
- ADV-2006-2773 (circl)
- oval:org.mitre.oval:def:5826 (circl)
- 20060712 Cisco Router Web Setup Ships with Insecure Default IOS Configuration (circl)
Timeline
- Jul 12, 2006 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
- Sep 8, 2023 EPSS Score
References
- http://www.osvdb.org/27159 technical
- http://www.securityfocus.com/bid/18953 technical
- http://www.vupen.com/english/advisories/2006/2773 technical
- VU#205225 third-party-advisory
- 1016476 vdb
- cisco-crws-command-execution(27688) vdb
- 21028 third-party-advisory
- oval:org.mitre.oval:def:5826 vdb
- 20060712 Cisco Router Web Setup Ships with Insecure Default IOS Configuration vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2006-3595 advisory