var-200604-0267
Vulnerability from variot
Cisco CiscoWorks Wireless LAN Solution Engine (WLSE) and WLSE Express before 2.13, Hosting Solution Engine (HSE) and User Registration Tool (URT) before 20060419, and all versions of Ethernet Subscriber Solution Engine (ESSE) and CiscoWorks2000 Service Management Solution (SMS) allow local users to gain Linux shell access via shell metacharacters in arguments to the "show" command in the application's command line interface (CLI), aka bug ID CSCsd21502 (WLSE), CSCsd22861 (URT), and CSCsd22859 (HSE). NOTE: other issues might be addressed by the Cisco advisory. plural Cisco The product includes Linux A vulnerability exists that allows shell access to be obtained.By local users Linux Shell access may be obtained. Multiple Linux-based Cisco products are prone to a local privilege-escalation vulnerability. The applications fail to properly sanitize user-supplied input. This issue allows attackers with telnet or SSH access to affected devices to execute arbitrary shell commands with superuser privileges. This facilitates the complete compromise of affected devices. CiscoWorks WLSE is the centralized system-level application for managing and controlling the entire autonomous Cisco WLAN infrastructure. There is a vulnerability in the implementation of the CiscoWorks WLSE configuration management script. Attackers may exploit this vulnerability to obtain sensitive information. The \"displayMsg\" parameter in /wlse/configure/archive/archiveApplyDisplay.jsp in WLSE devices can lead to a cross-site scripting vulnerability. Attackers can exploit this vulnerability to steal JSP session cookies, and then combine it with other vulnerabilities to gain administrative-level access to the system.
This is related to vulnerability #2 in: SA19736
SOLUTION: Apply fixes.
Cisco URT: Update to version 2.5.5(A1) for the URT appliance. http://www.cisco.com/pcgi-bin/tablebuild.pl/urt-3des
Cisco HSE: Apply HSE-PSIRT1 patch. However, Cisco encourages customers requiring a fix to open a service request through the Technical Support organization.
TITLE: Cisco WLSE Privilege Escalation and Cross-Site Scripting
SECUNIA ADVISORY ID: SA19736
VERIFY ADVISORY: http://secunia.com/advisories/19736/
CRITICAL: Less critical
IMPACT: Cross Site Scripting, Privilege escalation
WHERE:
From remote
OPERATING SYSTEM: CiscoWorks Wireless LAN Solution Engine 2.x http://secunia.com/product/2187/
DESCRIPTION: Adam Pointon has reported two vulnerabilities in CiscoWorks Wireless LAN Solution Engine (WLSE), which can be exploited by malicious, local users to gain escalated privileges or by malicious people to conduct cross-site scripting attacks.
1) Input passed to the "displayMsg" parameter in "/wlse/configure/archive/archiveApplyDisplay.jsp" in the WLSE appliance web interface is not properly sanitised before being returned to users. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of a vulnerable site.
2) Several errors in the "show" CLI application can be exploited to gain a shell account with root privileges from the command line interface.
SOLUTION: Update to version 2.13 or later. http://www.cisco.com/pcgi-bin/tablebuild.pl/wlan-sol-eng
PROVIDED AND/OR DISCOVERED BY: Adam Pointon, Assurance.
The vendor also credits Mathieu Pepin for reporting the second vulnerability.
ORIGINAL ADVISORY: Cisco: http://www.cisco.com/warp/public/707/cisco-sa-20060419-wlse.shtml http://www.cisco.com/warp/public/707/cisco-sr-20060419-priv.shtml
Assurance: http://www.assurance.com.au/advisories/200604-cisco.txt
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200604-0267",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hosting solution engine",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "1.7.2"
},
{
"model": "wireless lan solution engine",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "2.10"
},
{
"model": "wireless lan solution engine",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "2.11"
},
{
"model": "wireless lan solution engine",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "2.5"
},
{
"model": "hosting solution engine",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "1.7.3"
},
{
"model": "wireless lan solution engine",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "2.9"
},
{
"model": "wireless lan solution engine",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "2.8"
},
{
"model": "ethernet subscriber solution engine",
"scope": null,
"trust": 1.4,
"vendor": "cisco",
"version": null
},
{
"model": "wireless lan solution engine",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.7"
},
{
"model": "hosting solution engine",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.7.0"
},
{
"model": "wireless lan solution engine",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.1"
},
{
"model": "wireless lan solution engine",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0"
},
{
"model": "ethernet subscriber solution engine",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "wireless lan solution engine",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.3"
},
{
"model": "wireless lan solution engine",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.4"
},
{
"model": "wireless lan solution engine",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.12"
},
{
"model": "hosting solution engine",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.7.1"
},
{
"model": "wireless lan solution engine",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.2"
},
{
"model": "wireless lan solution engine",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.13"
},
{
"model": "hosting solution engine",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.7"
},
{
"model": "user registration tool",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "wireless lan solution engine",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.6"
},
{
"model": "ciscoworks 2000 service management solution",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "ciscoworks 2000 service management solution",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "ciscoworks host solution engine",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "20060419"
},
{
"model": "ciscoworks wireless lan solution engine",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "2.13"
},
{
"model": "user registration tool",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "20060419"
},
{
"model": "wireless lan solution engine express",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "wireless lan solution engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "11302.0.5"
},
{
"model": "wireless lan solution engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "11302.0.2"
},
{
"model": "wireless lan solution engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "11302.0"
},
{
"model": "wireless lan solution engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "11052.5"
},
{
"model": "wireless lan solution engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "11052.0.2"
},
{
"model": "wireless lan solution engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "11052.0"
},
{
"model": "wireless lan solution engine",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "user registration tool",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "service management",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "hosting solution engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "11051.7.3"
},
{
"model": "hosting solution engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "11051.7.2"
},
{
"model": "hosting solution engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "11051.7.1"
},
{
"model": "hosting solution engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "11051.7"
},
{
"model": "hosting solution engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.3"
},
{
"model": "hosting solution engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.0"
},
{
"model": "ethernet subscriber solution engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "ciscoworks hosting solution engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1105"
},
{
"model": "wireless lan solution engine express",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "2.13"
},
{
"model": "wireless lan solution engine",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "2.13"
}
],
"sources": [
{
"db": "BID",
"id": "17609"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-003957"
},
{
"db": "CNNVD",
"id": "CNNVD-200604-423"
},
{
"db": "NVD",
"id": "CVE-2006-1961"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:cisco:ciscoworks_2000_service_management_solution",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:cisco:hosting_solution_engine",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:cisco:wireless_lan_solution_engine",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:ethernet_subscriber_solution_engine",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:cisco:user_registration_tool",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-003957"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Adam Pointon http://www.assurance.com.au/",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200604-423"
}
],
"trust": 0.6
},
"cve": "CVE-2006-1961",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2006-1961",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-18069",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2006-1961",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2006-1961",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200604-423",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-18069",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2006-1961",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-18069"
},
{
"db": "VULMON",
"id": "CVE-2006-1961"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-003957"
},
{
"db": "CNNVD",
"id": "CNNVD-200604-423"
},
{
"db": "NVD",
"id": "CVE-2006-1961"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco CiscoWorks Wireless LAN Solution Engine (WLSE) and WLSE Express before 2.13, Hosting Solution Engine (HSE) and User Registration Tool (URT) before 20060419, and all versions of Ethernet Subscriber Solution Engine (ESSE) and CiscoWorks2000 Service Management Solution (SMS) allow local users to gain Linux shell access via shell metacharacters in arguments to the \"show\" command in the application\u0027s command line interface (CLI), aka bug ID CSCsd21502 (WLSE), CSCsd22861 (URT), and CSCsd22859 (HSE). NOTE: other issues might be addressed by the Cisco advisory. plural Cisco The product includes Linux A vulnerability exists that allows shell access to be obtained.By local users Linux Shell access may be obtained. Multiple Linux-based Cisco products are prone to a local privilege-escalation vulnerability. The applications fail to properly sanitize user-supplied input. \nThis issue allows attackers with telnet or SSH access to affected devices to execute arbitrary shell commands with superuser privileges. This facilitates the complete compromise of affected devices. CiscoWorks WLSE is the centralized system-level application for managing and controlling the entire autonomous Cisco WLAN infrastructure. There is a vulnerability in the implementation of the CiscoWorks WLSE configuration management script. Attackers may exploit this vulnerability to obtain sensitive information. The \\\"displayMsg\\\" parameter in /wlse/configure/archive/archiveApplyDisplay.jsp in WLSE devices can lead to a cross-site scripting vulnerability. Attackers can exploit this vulnerability to steal JSP session cookies, and then combine it with other vulnerabilities to gain administrative-level access to the system. \n\nThis is related to vulnerability #2 in:\nSA19736\n\nSOLUTION:\nApply fixes. \n\nCisco URT:\nUpdate to version 2.5.5(A1) for the URT appliance. \nhttp://www.cisco.com/pcgi-bin/tablebuild.pl/urt-3des\n\nCisco HSE:\nApply HSE-PSIRT1 patch. However, Cisco encourages customers requiring a\nfix to open a service request through the Technical Support\norganization. \n\nTITLE:\nCisco WLSE Privilege Escalation and Cross-Site Scripting\n\nSECUNIA ADVISORY ID:\nSA19736\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/19736/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nCross Site Scripting, Privilege escalation\n\nWHERE:\n\u003eFrom remote\n\nOPERATING SYSTEM:\nCiscoWorks Wireless LAN Solution Engine 2.x\nhttp://secunia.com/product/2187/\n\nDESCRIPTION:\nAdam Pointon has reported two vulnerabilities in CiscoWorks Wireless\nLAN Solution Engine (WLSE), which can be exploited by malicious,\nlocal users to gain escalated privileges or by malicious people to\nconduct cross-site scripting attacks. \n\n1) Input passed to the \"displayMsg\" parameter in\n\"/wlse/configure/archive/archiveApplyDisplay.jsp\" in the WLSE\nappliance web interface is not properly sanitised before being\nreturned to users. This can be exploited to execute arbitrary HTML\nand script code in a user\u0027s browser session in context of a\nvulnerable site. \n\n2) Several errors in the \"show\" CLI application can be exploited to\ngain a shell account with root privileges from the command line\ninterface. \n\nSOLUTION:\nUpdate to version 2.13 or later. \nhttp://www.cisco.com/pcgi-bin/tablebuild.pl/wlan-sol-eng\n\nPROVIDED AND/OR DISCOVERED BY:\nAdam Pointon, Assurance. \n\nThe vendor also credits Mathieu Pepin for reporting the second\nvulnerability. \n\nORIGINAL ADVISORY:\nCisco:\nhttp://www.cisco.com/warp/public/707/cisco-sa-20060419-wlse.shtml\nhttp://www.cisco.com/warp/public/707/cisco-sr-20060419-priv.shtml\n\nAssurance:\nhttp://www.assurance.com.au/advisories/200604-cisco.txt\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-1961"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-003957"
},
{
"db": "BID",
"id": "17609"
},
{
"db": "VULHUB",
"id": "VHN-18069"
},
{
"db": "VULMON",
"id": "CVE-2006-1961"
},
{
"db": "PACKETSTORM",
"id": "45617"
},
{
"db": "PACKETSTORM",
"id": "45618"
},
{
"db": "PACKETSTORM",
"id": "45615"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2006-1961",
"trust": 2.6
},
{
"db": "BID",
"id": "17609",
"trust": 2.1
},
{
"db": "SECUNIA",
"id": "19741",
"trust": 1.9
},
{
"db": "SECUNIA",
"id": "19736",
"trust": 1.9
},
{
"db": "SECUNIA",
"id": "19739",
"trust": 1.9
},
{
"db": "OSVDB",
"id": "24813",
"trust": 1.8
},
{
"db": "SECTRACK",
"id": "1015965",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2006-1435",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2006-1434",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2006-003957",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200604-423",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20060419 RE: MULTIPLE VULNERABILITIES IN LINUX BASED CISCO PRODUCTS",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20060419 MULTIPLE VULNERABILITIES IN LINUX BASED CISCO PRODUCTS",
"trust": 0.6
},
{
"db": "CISCO",
"id": "20060419 MULTIPLE VULNERABILITIES IN THE WLSE APPLIANCE",
"trust": 0.6
},
{
"db": "CISCO",
"id": "20060419 RESPONSE TO PRIVILEGE ESCALATION ON MULTIPLE CISCO PRODUCTS",
"trust": 0.6
},
{
"db": "XF",
"id": "25884",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-18069",
"trust": 0.1
},
{
"db": "VUPEN",
"id": "2006/1435",
"trust": 0.1
},
{
"db": "VUPEN",
"id": "2006/1434",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2006-1961",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "45617",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "45618",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "45615",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-18069"
},
{
"db": "VULMON",
"id": "CVE-2006-1961"
},
{
"db": "BID",
"id": "17609"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-003957"
},
{
"db": "PACKETSTORM",
"id": "45617"
},
{
"db": "PACKETSTORM",
"id": "45618"
},
{
"db": "PACKETSTORM",
"id": "45615"
},
{
"db": "CNNVD",
"id": "CNNVD-200604-423"
},
{
"db": "NVD",
"id": "CVE-2006-1961"
}
]
},
"id": "VAR-200604-0267",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-18069"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:15:16.096000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sr-20060419-priv.shtml",
"trust": 0.8,
"url": "http://www.cisco.com/warp/public/707/cisco-sr-20060419-priv.shtml"
},
{
"title": "cisco-sa-20060419-wlse.shtml",
"trust": 0.8,
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20060419-wlse.shtml"
},
{
"title": "id?1015965",
"trust": 0.8,
"url": "http://securitytracker.com/id?1015965"
},
{
"title": "19736",
"trust": 0.8,
"url": "http://secunia.com/advisories/19736"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-003957"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-1961"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://www.cisco.com/warp/public/707/cisco-sr-20060419-priv.shtml"
},
{
"trust": 2.2,
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20060419-wlse.shtml"
},
{
"trust": 1.9,
"url": "http://www.assurance.com.au/advisories/200604-cisco.txt"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/17609"
},
{
"trust": 1.8,
"url": "http://www.osvdb.org/24813"
},
{
"trust": 1.8,
"url": "http://securitytracker.com/id?1015965"
},
{
"trust": 1.8,
"url": "http://secunia.com/advisories/19736"
},
{
"trust": 1.8,
"url": "http://secunia.com/advisories/19739"
},
{
"trust": 1.8,
"url": "http://secunia.com/advisories/19741"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/archive/1/431371/30/5490/threaded"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/archive/1/431367/30/5490/threaded"
},
{
"trust": 1.2,
"url": "http://www.vupen.com/english/advisories/2006/1434"
},
{
"trust": 1.2,
"url": "http://www.vupen.com/english/advisories/2006/1435"
},
{
"trust": 1.2,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25884"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-1961"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-1961"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2006/1434"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/25884"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/431371/30/5490/threaded"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/431367/30/5490/threaded"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2006/1435"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/en/us/products/sw/voicesw/ps4625/index.html"
},
{
"trust": 0.3,
"url": "/archive/1/431371"
},
{
"trust": 0.3,
"url": "/archive/1/431367"
},
{
"trust": 0.3,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.3,
"url": "http://secunia.com/advisories/19736/"
},
{
"trust": 0.3,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.3,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/19741/"
},
{
"trust": 0.1,
"url": "http://www.cisco.com/pcgi-bin/tablebuild.pl/1105-host-sol"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/9457/"
},
{
"trust": 0.1,
"url": "http://www.cisco.com/pcgi-bin/tablebuild.pl/urt-3des"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/2186/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/19739/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/9459/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/9460/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/2187/"
},
{
"trust": 0.1,
"url": "http://www.cisco.com/pcgi-bin/tablebuild.pl/wlan-sol-eng"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-18069"
},
{
"db": "VULMON",
"id": "CVE-2006-1961"
},
{
"db": "BID",
"id": "17609"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-003957"
},
{
"db": "PACKETSTORM",
"id": "45617"
},
{
"db": "PACKETSTORM",
"id": "45618"
},
{
"db": "PACKETSTORM",
"id": "45615"
},
{
"db": "CNNVD",
"id": "CNNVD-200604-423"
},
{
"db": "NVD",
"id": "CVE-2006-1961"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-18069"
},
{
"db": "VULMON",
"id": "CVE-2006-1961"
},
{
"db": "BID",
"id": "17609"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-003957"
},
{
"db": "PACKETSTORM",
"id": "45617"
},
{
"db": "PACKETSTORM",
"id": "45618"
},
{
"db": "PACKETSTORM",
"id": "45615"
},
{
"db": "CNNVD",
"id": "CNNVD-200604-423"
},
{
"db": "NVD",
"id": "CVE-2006-1961"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-04-21T00:00:00",
"db": "VULHUB",
"id": "VHN-18069"
},
{
"date": "2006-04-21T00:00:00",
"db": "VULMON",
"id": "CVE-2006-1961"
},
{
"date": "2006-04-19T00:00:00",
"db": "BID",
"id": "17609"
},
{
"date": "2014-03-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-003957"
},
{
"date": "2006-04-25T22:06:23",
"db": "PACKETSTORM",
"id": "45617"
},
{
"date": "2006-04-25T22:06:23",
"db": "PACKETSTORM",
"id": "45618"
},
{
"date": "2006-04-25T22:06:23",
"db": "PACKETSTORM",
"id": "45615"
},
{
"date": "2006-04-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200604-423"
},
{
"date": "2006-04-21T10:02:00",
"db": "NVD",
"id": "CVE-2006-1961"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-18T00:00:00",
"db": "VULHUB",
"id": "VHN-18069"
},
{
"date": "2018-10-18T00:00:00",
"db": "VULMON",
"id": "CVE-2006-1961"
},
{
"date": "2006-04-20T16:16:00",
"db": "BID",
"id": "17609"
},
{
"date": "2014-03-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-003957"
},
{
"date": "2007-08-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200604-423"
},
{
"date": "2024-11-21T00:10:11.787000",
"db": "NVD",
"id": "CVE-2006-1961"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "17609"
},
{
"db": "PACKETSTORM",
"id": "45617"
},
{
"db": "PACKETSTORM",
"id": "45618"
},
{
"db": "PACKETSTORM",
"id": "45615"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Cisco In product Linux Vulnerability gained shell access",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-003957"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200604-423"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.