7.5

CVE-2006-1961

EPSS 1.31%
Published 21.04.2006 10:02:00
Last modified 03.04.2025 01:03:51
Source cve@mitre.org
Teams watchlist Login
Open Login

Cisco CiscoWorks Wireless LAN Solution Engine (WLSE) and WLSE Express before 2.13, Hosting Solution Engine (HSE) and User Registration Tool (URT) before 20060419, and all versions of Ethernet Subscriber Solution Engine (ESSE) and CiscoWorks2000 Service Management Solution (SMS) allow local users to gain Linux shell access via shell metacharacters in arguments to the "show" command in the application's command line interface (CLI), aka bug ID CSCsd21502 (WLSE), CSCsd22861 (URT), and CSCsd22859 (HSE).  NOTE: other issues might be addressed by the Cisco advisory.

Affected products Warnungen 0 Metrics 2 CWE 0 References 17

Data is provided by the National Vulnerability Database (NVD)

Cisco ≫ User Registration Tool

Cisco ≫ Wireless Lan Solution Engine Version2.0

Cisco ≫ Wireless Lan Solution Engine Version2.0 Editionexpress

Cisco ≫ Wireless Lan Solution Engine Version2.1

Cisco ≫ Wireless Lan Solution Engine Version2.1 Editionexpress

Cisco ≫ Wireless Lan Solution Engine Version2.2

Cisco ≫ Wireless Lan Solution Engine Version2.2 Editionexpress

Cisco ≫ Wireless Lan Solution Engine Version2.3

Cisco ≫ Wireless Lan Solution Engine Version2.3 Editionexpress

Cisco ≫ Wireless Lan Solution Engine Version2.4

Cisco ≫ Wireless Lan Solution Engine Version2.4 Editionexpress

Cisco ≫ Wireless Lan Solution Engine Version2.5

Cisco ≫ Wireless Lan Solution Engine Version2.5 Editionexpress

Cisco ≫ Wireless Lan Solution Engine Version2.6

Cisco ≫ Wireless Lan Solution Engine Version2.6 Editionexpress

Cisco ≫ Wireless Lan Solution Engine Version2.7

Cisco ≫ Wireless Lan Solution Engine Version2.7 Editionexpress

Cisco ≫ Wireless Lan Solution Engine Version2.8

Cisco ≫ Wireless Lan Solution Engine Version2.8 Editionexpress

Cisco ≫ Wireless Lan Solution Engine Version2.9

Cisco ≫ Wireless Lan Solution Engine Version2.9 Editionexpress

Cisco ≫ Wireless Lan Solution Engine Version2.10

Cisco ≫ Wireless Lan Solution Engine Version2.10 Editionexpress

Cisco ≫ Wireless Lan Solution Engine Version2.11

Cisco ≫ Wireless Lan Solution Engine Version2.11 Editionexpress

Cisco ≫ Wireless Lan Solution Engine Version2.12

Cisco ≫ Wireless Lan Solution Engine Version2.12 Editionexpress

Cisco ≫ Wireless Lan Solution Engine Version2.13

Cisco ≫ Wireless Lan Solution Engine Version2.13 Editionexpress

Cisco ≫ Ciscoworks 2000 Service Management Solution

Cisco ≫ Hosting Solution Engine Version1.7

Cisco ≫ Hosting Solution Engine Version1.7.0

Cisco ≫ Hosting Solution Engine Version1.7.1

Cisco ≫ Hosting Solution Engine Version1.7.2

Cisco ≫ Hosting Solution Engine Version1.7.3

Cisco ≫ Ethernet Subscriber Solution Engine

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.31%	0.789

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

http://secunia.com/advisories/19736

Patch

Vendor Advisory

http://securitytracker.com/id?1015965

Patch

http://www.assurance.com.au/advisories/200604-cisco.txt

http://www.cisco.com/warp/public/707/cisco-sa-20060419-wlse.shtml

Patch

http://www.securityfocus.com/archive/1/431367/30/5490/threaded

http://www.securityfocus.com/archive/1/431371/30/5490/threaded

http://www.vupen.com/english/advisories/2006/1434

http://secunia.com/advisories/19739

http://secunia.com/advisories/19741

http://www.cisco.com/warp/public/707/cisco-sr-20060419-priv.shtml

Patch

http://www.osvdb.org/24813

http://www.securityfocus.com/bid/17609

http://www.vupen.com/english/advisories/2006/1435

https://exchange.xforce.ibmcloud.com/vulnerabilities/25884

https://nvd.nist.gov/vuln/detail/CVE-2006-1961

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-1961

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-1961

EUVD