CVE-2006-3289

Cross-site scripting (XSS) vulnerability in the login page of the HTTP interface for the Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a "malicious URL".

CVSS v2.0 2.6 LOW

2.6^/10

CVSS v2.0 : LOW

Vector : AV:N/AC:H/Au:N/C:N/I:P/A:N

Exploitability : 4.9 / Impact : 2.9

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://secunia.com/advisories/20870
http://securitytracker.com/id?1016398
http://www.cisco.com/warp/public/707/cisco-sa-20060628-wcs.shtml	Patch
http://www.osvdb.org/26880
http://www.securityfocus.com/bid/18701
http://www.vupen.com/english/advisories/2006/2583
https://exchange.xforce.ibmcloud.com/vulnerabilities/27441

Configurations

Configuration 1 (hide)

cpe:2.3:h:cisco:wireless_control_system:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2006-06-28 23:05

Updated : 2017-07-20 01:32

NVD link : CVE-2006-3289

Mitre link : CVE-2006-3289

CVE.ORG link : CVE-2006-3289

JSON object : View

Products Affected

cisco

wireless_control_system

CWE

NVD-CWE-Other

{"id": "CVE-2006-3289", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.6, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "HIGH", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2006-06-28T23:05:00.000", "references": [{"url": "http://secunia.com/advisories/20870", "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1016398", "source": "cve@mitre.org"}, {"url": "http://www.cisco.com/warp/public/707/cisco-sa-20060628-wcs.shtml", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/26880", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/18701", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/2583", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27441", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the login page of the HTTP interface for the Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a \"malicious URL\"."}, {"lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la p\u00e1gina de inicio de sesi\u00f3n del interfaz HTTP de Cisco Wireless Control System (WCS) para Linux y Windows en sus versiones anteriores a la v3.2(51). Permite a usuarios remotos inyectar codigo de script web o c\u00f3digo HTML a trav\u00e9s de vectores de ataque desconocidos que involucran una \"URL maliciosa\"."}], "lastModified": "2017-07-20T01:32:12.380", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:wireless_control_system:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1B0A192A-AC2C-494D-9AFD-EB4C5DA536B4", "versionEndIncluding": "3.2\\(51\\)"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}