CVE-2006-3595 Information

Description

The default configuration of IOS HTTP server in Cisco Router Web Setup (CRWS) before 3.3.0 build 31 does not require credentials which allows remote attackers to access the server with arbitrary privilege levels aka bug CSCsa78190.

Reference

http://secunia.com/advisories/21028 http://securitytracker.com/id?1016476 http://www.cisco.com/warp/public/707/cisco-sa-20060712-crws.shtml http://www.kb.cert.org/vuls/id/205225 http://www.osvdb.org/27159 http://www.securityfocus.com/bid/18953 http://www.vupen.com/english/advisories/2006/2773 https://exchange.xforce.ibmcloud.com/vulnerabilities/27688 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A5826