Access Point Web-browser Interface Vulnerability (cisco-sa-20060628-ap)





General Info


TC: 12016
Description: The Cisco web-browser interface for Cisco access points contains a vulnerability that could, under certain circumstances, remove the default security configuration from the managed access point and allow administrative access without validation of administrative user credentials.

Successful exploitation of this vulnerability will result in unauthorized administrative access to the access point via the web management interface or via the console port.
TC Impact: Gather Info
Service: snmp



Specific Operations and Actions:


Vulnerability Publication: June 28, 2006
Advisory Copyright: Cisco Systems, Inc.
Summary: The Cisco web-browser interface for Cisco access points contains a vulnerability that could, under certain circumstances, remove the default security configuration from the managed access point and allow administrative access without validation of administrative user credentials.
Risk: High
CVSS 2.0 metrics:
* Access Vector: Network
* Access Complexity: Medium
* Authentication: None
* Confidentiality Impact: Complete
* Integrity Impact: Complete
* Availability Impact: Complete
CVSS 2.0 Base Score: 9.3
Vulnerability Impact: Attack, Gain Root
Host Impact: Remove the default security configuration. Allow administrative access without validation of administrative user credentials.
Nature of Remediation: Cisco IOS.
Step required to fix the reported vulnerability:

***** Solution type: Upgrade Software *****

Cisco released fixes for this issue.
See references for more details.



Glossary and References:


References:
* CISCO: 20060628 Access Point Web-browser Interface Vulnerability
http://www.cisco.com/warp/public/707/cisco-sa-20060628-ap.shtml
* CERT-VN: VU#544484
http://www.kb.cert.org/vuls/id/544484
* BID: 18704
http://www.securityfocus.com/bid/18704
* FRSIRT: ADV-2006-2584
http://www.frsirt.com/english/advisories/2006/2584
* OSVDB: 26878
http://www.osvdb.org/26878
* SECTRACK: 1016399
http://securitytracker.com/id?1016399
* SECUNIA: 20860
http://secunia.com/advisories/20860
* XF: cisco-ap-browser-unauth-access(27437)
http://xforce.iss.net/xforce/xfdb/27437

CVE Link: CVE-2006-3291

Glossary: CISCO, Credentials, HTTP, HTTPS, IOS, SNMP, Web browser


© 2003-2010 NexantiS Corporation (www.securescout.com)
SecureScout is a trademark of NexantiS
All Rights Reserved
All products names referenced herein are trademarks of their respective companies
