cvelistv5 - cve-2006-3289

cve-2006-3289

Vulnerability from cvelistv5

Published

2006-06-28 23:00

Modified

2024-08-07 18:23

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/20870
cve@mitre.org	http://securitytracker.com/id?1016398
cve@mitre.org	http://www.cisco.com/warp/public/707/cisco-sa-20060628-wcs.shtml	Patch
cve@mitre.org	http://www.osvdb.org/26880
cve@mitre.org	http://www.securityfocus.com/bid/18701
cve@mitre.org	http://www.vupen.com/english/advisories/2006/2583
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/27441
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/20870
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1016398
af854a3a-2127-422b-91ae-364da2661108	http://www.cisco.com/warp/public/707/cisco-sa-20060628-wcs.shtml	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/26880
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/18701
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/2583
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/27441

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T18:23:21.022Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2006-2583",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/2583"
          },
          {
            "name": "20870",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20870"
          },
          {
            "name": "cisco-wcs-http-xss(27441)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27441"
          },
          {
            "name": "20060628 Multiple Vulnerabilities in Wireless Control System",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/warp/public/707/cisco-sa-20060628-wcs.shtml"
          },
          {
            "name": "26880",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/26880"
          },
          {
            "name": "1016398",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016398"
          },
          {
            "name": "18701",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/18701"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-06-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the login page of the HTTP interface for the Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a \"malicious URL\"."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-19T15:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2006-2583",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/2583"
        },
        {
          "name": "20870",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20870"
        },
        {
          "name": "cisco-wcs-http-xss(27441)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27441"
        },
        {
          "name": "20060628 Multiple Vulnerabilities in Wireless Control System",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/warp/public/707/cisco-sa-20060628-wcs.shtml"
        },
        {
          "name": "26880",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/26880"
        },
        {
          "name": "1016398",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1016398"
        },
        {
          "name": "18701",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/18701"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-3289",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the login page of the HTTP interface for the Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a \"malicious URL\"."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2006-2583",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/2583"
            },
            {
              "name": "20870",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20870"
            },
            {
              "name": "cisco-wcs-http-xss(27441)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27441"
            },
            {
              "name": "20060628 Multiple Vulnerabilities in Wireless Control System",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/warp/public/707/cisco-sa-20060628-wcs.shtml"
            },
            {
              "name": "26880",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/26880"
            },
            {
              "name": "1016398",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1016398"
            },
            {
              "name": "18701",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/18701"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-3289",
    "datePublished": "2006-06-28T23:00:00",
    "dateReserved": "2006-06-28T00:00:00",
    "dateUpdated": "2024-08-07T18:23:21.022Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2006-3289\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2006-06-28T23:05:00.000\",\"lastModified\":\"2024-11-21T00:13:15.820\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cross-site scripting (XSS) vulnerability in the login page of the HTTP interface for the Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a \\\"malicious URL\\\".\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la p\u00e1gina de inicio de sesi\u00f3n del interfaz HTTP de Cisco Wireless Control System (WCS) para Linux y Windows en sus versiones anteriores a la v3.2(51). Permite a usuarios remotos inyectar codigo de script web o c\u00f3digo HTML a trav\u00e9s de vectores de ataque desconocidos que involucran una \\\"URL maliciosa\\\".\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:N/C:N/I:P/A:N\",\"baseScore\":2.6,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":4.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:wireless_control_system:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.2\\\\(51\\\\)\",\"matchCriteriaId\":\"1B0A192A-AC2C-494D-9AFD-EB4C5DA536B4\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/20870\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securitytracker.com/id?1016398\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.cisco.com/warp/public/707/cisco-sa-20060628-wcs.shtml\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.osvdb.org/26880\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/18701\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2006/2583\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/27441\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/20870\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1016398\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.cisco.com/warp/public/707/cisco-sa-20060628-wcs.shtml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.osvdb.org/26880\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/18701\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2006/2583\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/27441\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

Cross-site scripting (XSS) vulnerability in the login page of the HTTP interface for the Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a "malicious URL". Cisco Wireless Control System is prone to multiple security vulnerabilities. The following issues have been disclosed: - Authorization-bypass vulnerability due to multiple hardcoded username and password pairs - Arbitrary file access vulnerability - Cross-site scripting vulnerability - Information-disclosure vulnerability An attacker can exploit these issues to retrieve potentially sensitive information, overwrite files, perform cross-site scripting attacks, and gain unauthorized access; other attacks are also possible.

Reverse Engineer Wanted

Secunia offers a Security Specialist position with emphasis on reverse engineering of software and exploit code, auditing of source code, and analysis of vulnerability reports.

http://secunia.com/secunia_security_specialist/

TITLE: Cisco Wireless Control System Multiple Vulnerabilities

SECUNIA ADVISORY ID: SA20870

VERIFY ADVISORY: http://secunia.com/advisories/20870/

CRITICAL: Moderately critical

IMPACT: Security Bypass, Cross Site Scripting, Exposure of system information, Exposure of sensitive information, System access

WHERE:

From remote

SOFTWARE: Cisco Wireless Control System (WCS) 1.x http://secunia.com/product/6332/

DESCRIPTION: Some vulnerabilities and a security issue have been reported in Cisco Wireless Control System (WCS), which can be exploited by malicious, local users to gain knowledge of sensitive information, and by malicious people to gain knowledge of sensitive information, conduct cross-site scripting attacks, bypass certain security restrictions and potentially compromise a vulnerable system.

1) An undocumented username and hard-coded password exists in the WCS. This can be exploited to connect to the WCS internal database and to gain access to the configuration information of managed wireless access points.

The security issue has been reported in WCS for Linux and Windows 3.2(40) and prior.

2) Undocumented database username and password are stored in clear text in several WCS files. This can potentially be exploited by local users to gain knowledge of the user credentials and to gain access to the database.

The vulnerability has been reported in WCS for Linux and Windows 3.2(51) and prior.

3) An error within the internal TFTP server allows reading from or writing to arbitrary locations in the filesystem of a WCS system.

Successful exploitation requires that the configured root directory of the TFTP server contains a space character.

The vulnerability has been reported in WCS for Linux and Windows 3.2(51) and prior.

4) Input passed to the unspecified parameter in login page is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability has been reported in WCS for Linux and Windows 3.2(51) and prior.

5) An access control error within the WCS HTTP server can be exploited to gain access to certain directories, which may contain sensitive information like WCS usernames and directory paths.

The vulnerability has been reported in WCS for Linux and Windows 3.2(51) and prior.

Note: It has also been reported that WCS for Linux and Windows 4.0(1) and prior are installed with a default administrator username root, with a default password of public.

SOLUTION: Update to WCS for Linux and Windows 3.2(63) or later. http://www.cisco.com/public/sw-center/sw-usingswc.shtml

Default administrator passwords should be changed after installation.

PROVIDED AND/OR DISCOVERED BY: Reported by vendor.

ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20060628-wcs.shtml

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200606-0249",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "wireless control system",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.2\\(51\\)"
      },
      {
        "model": "wireless control system",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "3.2\\(51\\)"
      },
      {
        "model": "wireless control system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "wireless control system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "18701"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200606-589"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3289"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Security bulletin",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200606-589"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2006-3289",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 2.6,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 4.9,
            "id": "CVE-2006-3289",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "LOW",
            "trust": 1.0,
            "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 2.6,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 4.9,
            "id": "VHN-19397",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:N/AC:H/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2006-3289",
            "trust": 1.0,
            "value": "LOW"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200606-589",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "VULHUB",
            "id": "VHN-19397",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-19397"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200606-589"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3289"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cross-site scripting (XSS) vulnerability in the login page of the HTTP interface for the Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a \"malicious URL\". Cisco Wireless Control System is prone to multiple security vulnerabilities. \nThe following issues have been disclosed:\n- Authorization-bypass vulnerability due to multiple hardcoded username and password pairs\n- Arbitrary file access vulnerability\n- Cross-site scripting vulnerability\n- Information-disclosure vulnerability\nAn attacker can exploit these issues to retrieve potentially sensitive information, overwrite files, perform cross-site scripting attacks, and gain unauthorized access; other attacks are also possible. \n\n----------------------------------------------------------------------\n\nReverse Engineer Wanted\n\nSecunia offers a Security Specialist position with emphasis on\nreverse engineering of software and exploit code, auditing of\nsource code, and analysis of vulnerability reports. \n\nhttp://secunia.com/secunia_security_specialist/\n\n----------------------------------------------------------------------\n\nTITLE:\nCisco Wireless Control System Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA20870\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/20870/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nSecurity Bypass, Cross Site Scripting, Exposure of system\ninformation, Exposure of sensitive information, System access\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nCisco Wireless Control System (WCS) 1.x\nhttp://secunia.com/product/6332/\n\nDESCRIPTION:\nSome vulnerabilities and a security issue have been reported in Cisco\nWireless Control System (WCS), which can be exploited by malicious,\nlocal users to gain knowledge of sensitive information, and by\nmalicious people to gain knowledge of sensitive information, conduct\ncross-site scripting attacks, bypass certain security restrictions\nand potentially compromise a vulnerable system. \n\n1) An undocumented username and hard-coded password exists in the\nWCS. This can be exploited to connect to the WCS internal database\nand to gain access to the configuration information of managed\nwireless access points. \n\nThe security issue has been reported in WCS for Linux and Windows\n3.2(40) and prior. \n\n2) Undocumented database username and password are stored in clear\ntext in several WCS files. This can potentially be exploited by local\nusers to gain knowledge of the user credentials and to gain access to\nthe database. \n\nThe vulnerability has been reported in WCS for Linux and Windows\n3.2(51) and prior. \n\n3) An error within the internal TFTP server allows reading from or\nwriting to arbitrary locations in the filesystem of a WCS system. \n\nSuccessful exploitation requires that the configured root directory\nof the TFTP server contains a space character. \n\nThe vulnerability has been reported in WCS for Linux and Windows\n3.2(51) and prior. \n\n4) Input passed to the unspecified parameter in login page is not\nproperly sanitised before being returned to the user. This can be\nexploited to execute arbitrary HTML and script code in a user\u0027s\nbrowser session in context of an affected site. \n\nThe vulnerability has been reported in WCS for Linux and Windows\n3.2(51) and prior. \n\n5) An access control error within the WCS HTTP server can be\nexploited to gain access to certain directories, which may contain\nsensitive information like WCS usernames and directory paths. \n\nThe vulnerability has been reported in WCS for Linux and Windows\n3.2(51) and prior. \n\nNote: It has also been reported that WCS for Linux and Windows 4.0(1)\nand prior are installed with a default administrator username root,\nwith a default password of public. \n\nSOLUTION:\nUpdate to WCS for Linux and Windows 3.2(63) or later. \nhttp://www.cisco.com/public/sw-center/sw-usingswc.shtml\n\nDefault administrator passwords should be changed after installation. \n\nPROVIDED AND/OR DISCOVERED BY:\nReported by vendor. \n\nORIGINAL ADVISORY:\nhttp://www.cisco.com/warp/public/707/cisco-sa-20060628-wcs.shtml\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-3289"
      },
      {
        "db": "BID",
        "id": "18701"
      },
      {
        "db": "VULHUB",
        "id": "VHN-19397"
      },
      {
        "db": "PACKETSTORM",
        "id": "47889"
      }
    ],
    "trust": 1.35
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "18701",
        "trust": 2.0
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3289",
        "trust": 2.0
      },
      {
        "db": "SECUNIA",
        "id": "20870",
        "trust": 1.8
      },
      {
        "db": "OSVDB",
        "id": "26880",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-2583",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1016398",
        "trust": 1.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200606-589",
        "trust": 0.7
      },
      {
        "db": "CISCO",
        "id": "20060628 MULTIPLE VULNERABILITIES IN WIRELESS CONTROL SYSTEM",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "27441",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-19397",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "47889",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-19397"
      },
      {
        "db": "BID",
        "id": "18701"
      },
      {
        "db": "PACKETSTORM",
        "id": "47889"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200606-589"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3289"
      }
    ]
  },
  "id": "VAR-200606-0249",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-19397"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T21:57:36.725000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-3289"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.1,
        "url": "http://www.cisco.com/warp/public/707/cisco-sa-20060628-wcs.shtml"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/18701"
      },
      {
        "trust": 1.7,
        "url": "http://www.osvdb.org/26880"
      },
      {
        "trust": 1.7,
        "url": "http://securitytracker.com/id?1016398"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/20870"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2006/2583"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27441"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2006/2583"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/27441"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/en/us/products/sw/voicesw/ps4625/index.html"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/438590"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/6332/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_specialist/"
      },
      {
        "trust": 0.1,
        "url": "http://www.cisco.com/public/sw-center/sw-usingswc.shtml"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/20870/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-19397"
      },
      {
        "db": "BID",
        "id": "18701"
      },
      {
        "db": "PACKETSTORM",
        "id": "47889"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200606-589"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3289"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-19397"
      },
      {
        "db": "BID",
        "id": "18701"
      },
      {
        "db": "PACKETSTORM",
        "id": "47889"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200606-589"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3289"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-06-28T00:00:00",
        "db": "VULHUB",
        "id": "VHN-19397"
      },
      {
        "date": "2006-06-28T00:00:00",
        "db": "BID",
        "id": "18701"
      },
      {
        "date": "2006-06-29T18:48:34",
        "db": "PACKETSTORM",
        "id": "47889"
      },
      {
        "date": "2006-06-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200606-589"
      },
      {
        "date": "2006-06-28T23:05:00",
        "db": "NVD",
        "id": "CVE-2006-3289"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-20T00:00:00",
        "db": "VULHUB",
        "id": "VHN-19397"
      },
      {
        "date": "2007-06-04T19:50:00",
        "db": "BID",
        "id": "18701"
      },
      {
        "date": "2006-06-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200606-589"
      },
      {
        "date": "2024-11-21T00:13:15.820000",
        "db": "NVD",
        "id": "CVE-2006-3289"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200606-589"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Wireless control system  HTTP Interface login page Cross-site scripting vulnerability",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200606-589"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "xss",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "47889"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200606-589"
      }
    ],
    "trust": 0.7
  }
}

ghsa-fhhw-3xqr-cmmh

Vulnerability from github

Published

2022-05-01 07:07

Modified

2022-05-01 07:07

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2006-3289"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2006-06-28T23:05:00Z",
    "severity": "LOW"
  },
  "details": "Cross-site scripting (XSS) vulnerability in the login page of the HTTP interface for the Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a \"malicious URL\".",
  "id": "GHSA-fhhw-3xqr-cmmh",
  "modified": "2022-05-01T07:07:36Z",
  "published": "2022-05-01T07:07:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-3289"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27441"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/20870"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1016398"
    },
    {
      "type": "WEB",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20060628-wcs.shtml"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/26880"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/18701"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/2583"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

gsd-2006-3289

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Aliases

CVE-2006-3289

Aliases

CVE-2006-3289

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2006-3289",
    "description": "Cross-site scripting (XSS) vulnerability in the login page of the HTTP interface for the Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a \"malicious URL\".",
    "id": "GSD-2006-3289"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2006-3289"
      ],
      "details": "Cross-site scripting (XSS) vulnerability in the login page of the HTTP interface for the Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a \"malicious URL\".",
      "id": "GSD-2006-3289",
      "modified": "2023-12-13T01:19:57.619233Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2006-3289",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cross-site scripting (XSS) vulnerability in the login page of the HTTP interface for the Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a \"malicious URL\"."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "ADV-2006-2583",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2006/2583"
          },
          {
            "name": "20870",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/20870"
          },
          {
            "name": "cisco-wcs-http-xss(27441)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27441"
          },
          {
            "name": "20060628 Multiple Vulnerabilities in Wireless Control System",
            "refsource": "CISCO",
            "url": "http://www.cisco.com/warp/public/707/cisco-sa-20060628-wcs.shtml"
          },
          {
            "name": "26880",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/26880"
          },
          {
            "name": "1016398",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1016398"
          },
          {
            "name": "18701",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/18701"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:cisco:wireless_control_system:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.2\\(51\\)",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-3289"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in the login page of the HTTP interface for the Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a \"malicious URL\"."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20060628 Multiple Vulnerabilities in Wireless Control System",
              "refsource": "CISCO",
              "tags": [
                "Patch"
              ],
              "url": "http://www.cisco.com/warp/public/707/cisco-sa-20060628-wcs.shtml"
            },
            {
              "name": "18701",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/18701"
            },
            {
              "name": "1016398",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1016398"
            },
            {
              "name": "20870",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/20870"
            },
            {
              "name": "26880",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://www.osvdb.org/26880"
            },
            {
              "name": "ADV-2006-2583",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2006/2583"
            },
            {
              "name": "cisco-wcs-http-xss(27441)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27441"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 2.6,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 4.9,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2017-07-20T01:32Z",
      "publishedDate": "2006-06-28T23:05Z"
    }
  }
}

fkie_cve-2006-3289

Vulnerability from fkie_nvd

Published

2006-06-28 23:05

Modified

2024-11-21 00:13

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/20870
cve@mitre.org	http://securitytracker.com/id?1016398
cve@mitre.org	http://www.cisco.com/warp/public/707/cisco-sa-20060628-wcs.shtml	Patch
cve@mitre.org	http://www.osvdb.org/26880
cve@mitre.org	http://www.securityfocus.com/bid/18701
cve@mitre.org	http://www.vupen.com/english/advisories/2006/2583
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/27441
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/20870
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1016398
af854a3a-2127-422b-91ae-364da2661108	http://www.cisco.com/warp/public/707/cisco-sa-20060628-wcs.shtml	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/26880
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/18701
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/2583
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/27441

Impacted products

	Vendor	Product	Version
	cisco	wireless_control_system	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:wireless_control_system:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B0A192A-AC2C-494D-9AFD-EB4C5DA536B4",
              "versionEndIncluding": "3.2\\(51\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the login page of the HTTP interface for the Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a \"malicious URL\"."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la p\u00e1gina de inicio de sesi\u00f3n del interfaz HTTP de Cisco Wireless Control System (WCS) para Linux y Windows en sus versiones anteriores a la v3.2(51). Permite a usuarios remotos inyectar codigo de script web o c\u00f3digo HTML a trav\u00e9s de vectores de ataque desconocidos que involucran una \"URL maliciosa\"."
    }
  ],
  "id": "CVE-2006-3289",
  "lastModified": "2024-11-21T00:13:15.820",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.6,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2006-06-28T23:05:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/20870"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1016398"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20060628-wcs.shtml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/26880"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/18701"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/2583"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27441"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/20870"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1016398"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20060628-wcs.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/26880"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/18701"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/2583"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27441"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2006-3289

Vulnerability from cvelistv5

var-200606-0249

Vulnerability from variot

ghsa-fhhw-3xqr-cmmh

Vulnerability from github

gsd-2006-3289

Vulnerability from gsd

fkie_cve-2006-3289

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature