CVE-2006-3595

Published: Jul 18, 2006Modified: Apr 16, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

The default configuration of IOS HTTP server in Cisco Router Web Setup (CRWS) before 3.3.0 build 31 does not require credentials, which allows remote attackers to access the server with arbitrary privilege levels, aka bug CSCsa78190.

Affected (1)

Products: Cisco: Router Web Setup

Cisco

1 product

Router Web Setup

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cisco Router Web Setup	Version 3.3.0_build_30

References (18)

http://secunia.com/advisories/21028

Source: cve@mitre.org

Vendor Advisory

http://securitytracker.com/id?1016476

Source: cve@mitre.org

http://www.cisco.com/warp/public/707/cisco-sa-20060712-crws.shtml

Source: cve@mitre.org

Patch

http://www.kb.cert.org/vuls/id/205225

Source: cve@mitre.org

US Government Resource

http://www.osvdb.org/27159

Source: cve@mitre.org

http://www.securityfocus.com/bid/18953

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2006/2773

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/27688

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5826

Source: cve@mitre.org

http://secunia.com/advisories/21028