CVE-2006-3291

{"id": "CVE-2006-3291", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2006-06-28T23:05:00.000", "references": [{"url": "http://secunia.com/advisories/20860", "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1016399", "source": "cve@mitre.org"}, {"url": "http://www.cisco.com/warp/public/707/cisco-sa-20060628-ap.shtml", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.kb.cert.org/vuls/id/544484", "tags": ["US Government Resource"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/26878", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/18704", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/2584", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27437", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-16"}]}], "descriptions": [{"lang": "en", "value": "The web interface on Cisco IOS 12.3(8)JA and 12.3(8)JA1, as used on the Cisco Wireless Access Point and Wireless Bridge, reconfigures itself when it is changed to use the \"Local User List Only (Individual Passwords)\" setting, which removes all security and password configurations and allows remote attackers to access the system."}, {"lang": "es", "value": "El interfaz web de Cisco IOS 12.3(8)JA y 12.3(8)JA1, tal como es utilizado en Cisco Wireless Access Point y Wireless Bridge, se reconfigura cuando se activa la opci\u00f3n de configuraci\u00f3n \"Local User List Only (Individual Passwords)\", lo que elmina toda las configuraciones de seguridad y contrase\u00f1as y permite a atacantes remotos acceder al sistema."}], "lastModified": "2017-07-20T01:32:12.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ios:12.3\\(8\\)ja:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4701FFB8-6361-4B0F-B413-2649A6FC650E"}, {"criteria": "cpe:2.3:o:cisco:ios:12.3\\(8\\)ja1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80CC4D9F-F7C1-4887-BDC6-62F4BDFE5079"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}