CVE-2006-3291 Information

Description

The web interface on Cisco IOS 12.3(8)JA and 12.3(8)JA1 as used on the Cisco Wireless Access Point and Wireless Bridge reconfigures itself when it is changed to use the \Local User List Only (Individual Passwords)\ setting which removes all security and password configurations and allows remote attackers to access the system.

Reference

http://secunia.com/advisories/20860 http://securitytracker.com/id?1016399 http://www.cisco.com/warp/public/707/cisco-sa-20060628-ap.shtml http://www.kb.cert.org/vuls/id/544484 http://www.osvdb.org/26878 http://www.securityfocus.com/bid/18704 http://www.vupen.com/english/advisories/2006/2584 https://exchange.xforce.ibmcloud.com/vulnerabilities/27437