cvelistv5 - cve-2006-1961

CVE-2006-1961 (GCVE-0-2006-1961)

Vulnerability from cvelistv5 – Published: 2006-04-21 10:00 – Updated: 2024-08-07 17:35

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.osvdb.org/24813	vdb-entryx_refsource_OSVDB
	http://www.vupen.com/english/advisories/2006/1435	vdb-entryx_refsource_VUPEN
	http://www.securityfocus.com/bid/17609	vdb-entryx_refsource_BID
	http://www.assurance.com.au/advisories/200604-cisco.txt	x_refsource_MISC
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.securityfocus.com/archive/1/431371/30/…	mailing-listx_refsource_BUGTRAQ
	http://secunia.com/advisories/19736	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/archive/1/431367/30/…	mailing-listx_refsource_BUGTRAQ
	http://secunia.com/advisories/19739	third-party-advisoryx_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2006/1434	vdb-entryx_refsource_VUPEN
	http://www.cisco.com/warp/public/707/cisco-sa-200…	vendor-advisoryx_refsource_CISCO
	http://secunia.com/advisories/19741	third-party-advisoryx_refsource_SECUNIA
	http://www.cisco.com/warp/public/707/cisco-sr-200…	vendor-advisoryx_refsource_CISCO
	http://securitytracker.com/id?1015965	vdb-entryx_refsource_SECTRACK

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T17:35:30.666Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "24813",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/24813"
          },
          {
            "name": "ADV-2006-1435",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/1435"
          },
          {
            "name": "17609",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/17609"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.assurance.com.au/advisories/200604-cisco.txt"
          },
          {
            "name": "cisco-wlse-shell-privilege-escalation(25884)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25884"
          },
          {
            "name": "20060419 Multiple vulnerabilities in Linux based Cisco products",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/431371/30/5490/threaded"
          },
          {
            "name": "19736",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/19736"
          },
          {
            "name": "20060419 Re: Multiple vulnerabilities in Linux based Cisco products",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/431367/30/5490/threaded"
          },
          {
            "name": "19739",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/19739"
          },
          {
            "name": "ADV-2006-1434",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/1434"
          },
          {
            "name": "20060419 Multiple Vulnerabilities in the WLSE Appliance",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/warp/public/707/cisco-sa-20060419-wlse.shtml"
          },
          {
            "name": "19741",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/19741"
          },
          {
            "name": "20060419 Response to Privilege Escalation on Multiple Cisco Products",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/warp/public/707/cisco-sr-20060419-priv.shtml"
          },
          {
            "name": "1015965",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1015965"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-04-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cisco CiscoWorks Wireless LAN Solution Engine (WLSE) and WLSE Express before 2.13, Hosting Solution Engine (HSE) and User Registration Tool (URT) before 20060419, and all versions of Ethernet Subscriber Solution Engine (ESSE) and CiscoWorks2000 Service Management Solution (SMS) allow local users to gain Linux shell access via shell metacharacters in arguments to the \"show\" command in the application\u0027s command line interface (CLI), aka bug ID CSCsd21502 (WLSE), CSCsd22861 (URT), and CSCsd22859 (HSE).  NOTE: other issues might be addressed by the Cisco advisory."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-18T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "24813",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/24813"
        },
        {
          "name": "ADV-2006-1435",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/1435"
        },
        {
          "name": "17609",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/17609"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.assurance.com.au/advisories/200604-cisco.txt"
        },
        {
          "name": "cisco-wlse-shell-privilege-escalation(25884)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25884"
        },
        {
          "name": "20060419 Multiple vulnerabilities in Linux based Cisco products",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/431371/30/5490/threaded"
        },
        {
          "name": "19736",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/19736"
        },
        {
          "name": "20060419 Re: Multiple vulnerabilities in Linux based Cisco products",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/431367/30/5490/threaded"
        },
        {
          "name": "19739",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/19739"
        },
        {
          "name": "ADV-2006-1434",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/1434"
        },
        {
          "name": "20060419 Multiple Vulnerabilities in the WLSE Appliance",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/warp/public/707/cisco-sa-20060419-wlse.shtml"
        },
        {
          "name": "19741",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/19741"
        },
        {
          "name": "20060419 Response to Privilege Escalation on Multiple Cisco Products",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/warp/public/707/cisco-sr-20060419-priv.shtml"
        },
        {
          "name": "1015965",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1015965"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-1961",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cisco CiscoWorks Wireless LAN Solution Engine (WLSE) and WLSE Express before 2.13, Hosting Solution Engine (HSE) and User Registration Tool (URT) before 20060419, and all versions of Ethernet Subscriber Solution Engine (ESSE) and CiscoWorks2000 Service Management Solution (SMS) allow local users to gain Linux shell access via shell metacharacters in arguments to the \"show\" command in the application\u0027s command line interface (CLI), aka bug ID CSCsd21502 (WLSE), CSCsd22861 (URT), and CSCsd22859 (HSE).  NOTE: other issues might be addressed by the Cisco advisory."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "24813",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/24813"
            },
            {
              "name": "ADV-2006-1435",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/1435"
            },
            {
              "name": "17609",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/17609"
            },
            {
              "name": "http://www.assurance.com.au/advisories/200604-cisco.txt",
              "refsource": "MISC",
              "url": "http://www.assurance.com.au/advisories/200604-cisco.txt"
            },
            {
              "name": "cisco-wlse-shell-privilege-escalation(25884)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25884"
            },
            {
              "name": "20060419 Multiple vulnerabilities in Linux based Cisco products",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/431371/30/5490/threaded"
            },
            {
              "name": "19736",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/19736"
            },
            {
              "name": "20060419 Re: Multiple vulnerabilities in Linux based Cisco products",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/431367/30/5490/threaded"
            },
            {
              "name": "19739",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/19739"
            },
            {
              "name": "ADV-2006-1434",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/1434"
            },
            {
              "name": "20060419 Multiple Vulnerabilities in the WLSE Appliance",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/warp/public/707/cisco-sa-20060419-wlse.shtml"
            },
            {
              "name": "19741",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/19741"
            },
            {
              "name": "20060419 Response to Privilege Escalation on Multiple Cisco Products",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/warp/public/707/cisco-sr-20060419-priv.shtml"
            },
            {
              "name": "1015965",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1015965"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-1961",
    "datePublished": "2006-04-21T10:00:00",
    "dateReserved": "2006-04-21T00:00:00",
    "dateUpdated": "2024-08-07T17:35:30.666Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:user_registration_tool:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"441C9430-C57D-48F5-8C6F-B64759ED5777\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:wireless_lan_solution_engine:2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5E89560E-5A06-44F5-82AB-AEB9AD7B97DD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:wireless_lan_solution_engine:2.0:*:express:*:*:*:*:*\", \"matchCriteriaId\": \"FBF2B953-773A-4E47-9EEA-4826354650EE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:wireless_lan_solution_engine:2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D54C89F2-D5F5-412D-85C6-1CD76E03BE26\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:wireless_lan_solution_engine:2.1:*:express:*:*:*:*:*\", \"matchCriteriaId\": \"2AA97244-E7A9-49A2-9414-E5860AF3611D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:wireless_lan_solution_engine:2.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E013901C-1B1E-4839-867B-D647A996BF60\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:wireless_lan_solution_engine:2.2:*:express:*:*:*:*:*\", \"matchCriteriaId\": \"055B35BB-602A-4C26-A0D4-6614D1B09A97\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:wireless_lan_solution_engine:2.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B228B395-6964-449D-9B09-D7BFE31E9851\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:wireless_lan_solution_engine:2.3:*:express:*:*:*:*:*\", \"matchCriteriaId\": \"D5344233-E08D-4066-86CD-D9D9B84B039D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:wireless_lan_solution_engine:2.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"25B36A82-33BE-4BA4-9B4A-36D685607A4C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:wireless_lan_solution_engine:2.4:*:express:*:*:*:*:*\", \"matchCriteriaId\": \"337C5C2C-2A2C-4C94-9DBF-2BB795BEEF1A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:wireless_lan_solution_engine:2.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C3D72DCA-130D-4507-BDAC-A6183D08BC2E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:wireless_lan_solution_engine:2.5:*:express:*:*:*:*:*\", \"matchCriteriaId\": \"6AAF32A3-4D70-4E1A-9FBE-A465F3910B57\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:wireless_lan_solution_engine:2.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"87C22C0D-2E74-44B8-BAF1-FACBE7B7A497\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:wireless_lan_solution_engine:2.6:*:express:*:*:*:*:*\", \"matchCriteriaId\": \"5BD43E20-9E43-46FB-952A-EE181D87F116\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:wireless_lan_solution_engine:2.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4BB965A0-7FB2-4DF7-82C8-D0AB4E8AE4CA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:wireless_lan_solution_engine:2.7:*:express:*:*:*:*:*\", \"matchCriteriaId\": \"0A5BDD7D-7321-4061-9E43-3DB613768945\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:wireless_lan_solution_engine:2.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B6C66F51-37FC-4CEF-A532-17522EE32BAD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:wireless_lan_solution_engine:2.8:*:express:*:*:*:*:*\", \"matchCriteriaId\": \"F6EA38AC-8E50-45FF-8F17-C679E165269D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:wireless_lan_solution_engine:2.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0F560405-DD99-4D09-9D9B-19F88A63C689\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:wireless_lan_solution_engine:2.9:*:express:*:*:*:*:*\", \"matchCriteriaId\": \"27C389A3-27DC-4EAB-A08C-60BF1774351B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:wireless_lan_solution_engine:2.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BBBAC34E-4572-48D2-B7B5-5AB623A35A42\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:wireless_lan_solution_engine:2.10:*:express:*:*:*:*:*\", \"matchCriteriaId\": \"35CFCBC7-68A8-407D-9983-FBA414318880\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:wireless_lan_solution_engine:2.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1CA72C62-7004-4A5C-BEA5-5ACA55279366\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:wireless_lan_solution_engine:2.11:*:express:*:*:*:*:*\", \"matchCriteriaId\": \"0C6865FB-479A-41F0-89ED-BF02E80D9FDB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:wireless_lan_solution_engine:2.12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6ADEEA82-4371-4D25-8CEB-F6F8B32ED9F4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:wireless_lan_solution_engine:2.12:*:express:*:*:*:*:*\", \"matchCriteriaId\": \"BF202456-0666-4DBB-8918-B30B83850201\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:wireless_lan_solution_engine:2.13:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FC9515C2-5549-4EBC-8FF1-8C75E92794D2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:wireless_lan_solution_engine:2.13:*:express:*:*:*:*:*\", \"matchCriteriaId\": \"3D994D17-087E-450B-A5DE-F56949717C6C\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:ciscoworks_2000_service_management_solution:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"10CAB6F5-563C-4E8A-B769-45B1981BADF5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:hosting_solution_engine:1.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9405E712-6682-4DCE-AA18-311A2D6AA958\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:hosting_solution_engine:1.7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EDA1DA2E-FD49-46B1-96E0-1129B16A8DD6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:hosting_solution_engine:1.7.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D44C3E02-A17C-48A2-8173-358570C2ACAB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:hosting_solution_engine:1.7.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8DA04953-EBE5-482D-83F9-30F10F739C31\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:hosting_solution_engine:1.7.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ADE85A5A-2CF3-49FB-A15C-49EA56338FBB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ethernet_subscriber_solution_engine:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6290FDDC-8965-4045-900E-933D85511F67\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Cisco CiscoWorks Wireless LAN Solution Engine (WLSE) and WLSE Express before 2.13, Hosting Solution Engine (HSE) and User Registration Tool (URT) before 20060419, and all versions of Ethernet Subscriber Solution Engine (ESSE) and CiscoWorks2000 Service Management Solution (SMS) allow local users to gain Linux shell access via shell metacharacters in arguments to the \\\"show\\\" command in the application\u0027s command line interface (CLI), aka bug ID CSCsd21502 (WLSE), CSCsd22861 (URT), and CSCsd22859 (HSE).  NOTE: other issues might be addressed by the Cisco advisory.\"}]",
      "id": "CVE-2006-1961",
      "lastModified": "2024-11-21T00:10:11.787",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": true, \"userInteractionRequired\": false}]}",
      "published": "2006-04-21T10:02:00.000",
      "references": "[{\"url\": \"http://secunia.com/advisories/19736\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/19739\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/19741\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://securitytracker.com/id?1015965\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.assurance.com.au/advisories/200604-cisco.txt\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.cisco.com/warp/public/707/cisco-sa-20060419-wlse.shtml\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.cisco.com/warp/public/707/cisco-sr-20060419-priv.shtml\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.osvdb.org/24813\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/431367/30/5490/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/431371/30/5490/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/17609\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2006/1434\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2006/1435\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/25884\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/19736\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/19739\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/19741\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securitytracker.com/id?1015965\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.assurance.com.au/advisories/200604-cisco.txt\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.cisco.com/warp/public/707/cisco-sa-20060419-wlse.shtml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.cisco.com/warp/public/707/cisco-sr-20060419-priv.shtml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.osvdb.org/24813\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/431367/30/5490/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/431371/30/5490/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/17609\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2006/1434\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2006/1435\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/25884\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2006-1961\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2006-04-21T10:02:00.000\",\"lastModified\":\"2025-04-03T01:03:51.193\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cisco CiscoWorks Wireless LAN Solution Engine (WLSE) and WLSE Express before 2.13, Hosting Solution Engine (HSE) and User Registration Tool (URT) before 20060419, and all versions of Ethernet Subscriber Solution Engine (ESSE) and CiscoWorks2000 Service Management Solution (SMS) allow local users to gain Linux shell access via shell metacharacters in arguments to the \\\"show\\\" command in the application\u0027s command line interface (CLI), aka bug ID CSCsd21502 (WLSE), CSCsd22861 (URT), and CSCsd22859 (HSE).  NOTE: other issues might be addressed by the Cisco advisory.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":true,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:user_registration_tool:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"441C9430-C57D-48F5-8C6F-B64759ED5777\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:wireless_lan_solution_engine:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5E89560E-5A06-44F5-82AB-AEB9AD7B97DD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:wireless_lan_solution_engine:2.0:*:express:*:*:*:*:*\",\"matchCriteriaId\":\"FBF2B953-773A-4E47-9EEA-4826354650EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:wireless_lan_solution_engine:2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D54C89F2-D5F5-412D-85C6-1CD76E03BE26\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:wireless_lan_solution_engine:2.1:*:express:*:*:*:*:*\",\"matchCriteriaId\":\"2AA97244-E7A9-49A2-9414-E5860AF3611D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:wireless_lan_solution_engine:2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E013901C-1B1E-4839-867B-D647A996BF60\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:wireless_lan_solution_engine:2.2:*:express:*:*:*:*:*\",\"matchCriteriaId\":\"055B35BB-602A-4C26-A0D4-6614D1B09A97\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:wireless_lan_solution_engine:2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B228B395-6964-449D-9B09-D7BFE31E9851\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:wireless_lan_solution_engine:2.3:*:express:*:*:*:*:*\",\"matchCriteriaId\":\"D5344233-E08D-4066-86CD-D9D9B84B039D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:wireless_lan_solution_engine:2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"25B36A82-33BE-4BA4-9B4A-36D685607A4C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:wireless_lan_solution_engine:2.4:*:express:*:*:*:*:*\",\"matchCriteriaId\":\"337C5C2C-2A2C-4C94-9DBF-2BB795BEEF1A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:wireless_lan_solution_engine:2.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C3D72DCA-130D-4507-BDAC-A6183D08BC2E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:wireless_lan_solution_engine:2.5:*:express:*:*:*:*:*\",\"matchCriteriaId\":\"6AAF32A3-4D70-4E1A-9FBE-A465F3910B57\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:wireless_lan_solution_engine:2.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"87C22C0D-2E74-44B8-BAF1-FACBE7B7A497\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:wireless_lan_solution_engine:2.6:*:express:*:*:*:*:*\",\"matchCriteriaId\":\"5BD43E20-9E43-46FB-952A-EE181D87F116\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:wireless_lan_solution_engine:2.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4BB965A0-7FB2-4DF7-82C8-D0AB4E8AE4CA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:wireless_lan_solution_engine:2.7:*:express:*:*:*:*:*\",\"matchCriteriaId\":\"0A5BDD7D-7321-4061-9E43-3DB613768945\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:wireless_lan_solution_engine:2.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B6C66F51-37FC-4CEF-A532-17522EE32BAD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:wireless_lan_solution_engine:2.8:*:express:*:*:*:*:*\",\"matchCriteriaId\":\"F6EA38AC-8E50-45FF-8F17-C679E165269D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:wireless_lan_solution_engine:2.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F560405-DD99-4D09-9D9B-19F88A63C689\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:wireless_lan_solution_engine:2.9:*:express:*:*:*:*:*\",\"matchCriteriaId\":\"27C389A3-27DC-4EAB-A08C-60BF1774351B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:wireless_lan_solution_engine:2.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BBBAC34E-4572-48D2-B7B5-5AB623A35A42\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:wireless_lan_solution_engine:2.10:*:express:*:*:*:*:*\",\"matchCriteriaId\":\"35CFCBC7-68A8-407D-9983-FBA414318880\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:wireless_lan_solution_engine:2.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1CA72C62-7004-4A5C-BEA5-5ACA55279366\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:wireless_lan_solution_engine:2.11:*:express:*:*:*:*:*\",\"matchCriteriaId\":\"0C6865FB-479A-41F0-89ED-BF02E80D9FDB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:wireless_lan_solution_engine:2.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6ADEEA82-4371-4D25-8CEB-F6F8B32ED9F4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:wireless_lan_solution_engine:2.12:*:express:*:*:*:*:*\",\"matchCriteriaId\":\"BF202456-0666-4DBB-8918-B30B83850201\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:wireless_lan_solution_engine:2.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC9515C2-5549-4EBC-8FF1-8C75E92794D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:wireless_lan_solution_engine:2.13:*:express:*:*:*:*:*\",\"matchCriteriaId\":\"3D994D17-087E-450B-A5DE-F56949717C6C\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:ciscoworks_2000_service_management_solution:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"10CAB6F5-563C-4E8A-B769-45B1981BADF5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:hosting_solution_engine:1.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9405E712-6682-4DCE-AA18-311A2D6AA958\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:hosting_solution_engine:1.7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EDA1DA2E-FD49-46B1-96E0-1129B16A8DD6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:hosting_solution_engine:1.7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D44C3E02-A17C-48A2-8173-358570C2ACAB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:hosting_solution_engine:1.7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8DA04953-EBE5-482D-83F9-30F10F739C31\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:hosting_solution_engine:1.7.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ADE85A5A-2CF3-49FB-A15C-49EA56338FBB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ethernet_subscriber_solution_engine:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6290FDDC-8965-4045-900E-933D85511F67\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/19736\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/19739\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/19741\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securitytracker.com/id?1015965\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.assurance.com.au/advisories/200604-cisco.txt\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.cisco.com/warp/public/707/cisco-sa-20060419-wlse.shtml\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.cisco.com/warp/public/707/cisco-sr-20060419-priv.shtml\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.osvdb.org/24813\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/431367/30/5490/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/431371/30/5490/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/17609\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2006/1434\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2006/1435\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/25884\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/19736\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/19739\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/19741\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1015965\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.assurance.com.au/advisories/200604-cisco.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.cisco.com/warp/public/707/cisco-sa-20060419-wlse.shtml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.cisco.com/warp/public/707/cisco-sr-20060419-priv.shtml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.osvdb.org/24813\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/431367/30/5490/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/431371/30/5490/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/17609\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2006/1434\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2006/1435\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/25884\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GHSA-89FX-5FV2-J67W

Vulnerability from github – Published: 2022-05-01 06:54 – Updated: 2022-05-01 06:54

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2006-1961"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2006-04-21T10:02:00Z",
    "severity": "HIGH"
  },
  "details": "Cisco CiscoWorks Wireless LAN Solution Engine (WLSE) and WLSE Express before 2.13, Hosting Solution Engine (HSE) and User Registration Tool (URT) before 20060419, and all versions of Ethernet Subscriber Solution Engine (ESSE) and CiscoWorks2000 Service Management Solution (SMS) allow local users to gain Linux shell access via shell metacharacters in arguments to the \"show\" command in the application\u0027s command line interface (CLI), aka bug ID CSCsd21502 (WLSE), CSCsd22861 (URT), and CSCsd22859 (HSE).  NOTE: other issues might be addressed by the Cisco advisory.",
  "id": "GHSA-89fx-5fv2-j67w",
  "modified": "2022-05-01T06:54:30Z",
  "published": "2022-05-01T06:54:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-1961"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25884"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/19736"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/19739"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/19741"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1015965"
    },
    {
      "type": "WEB",
      "url": "http://www.assurance.com.au/advisories/200604-cisco.txt"
    },
    {
      "type": "WEB",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20060419-wlse.shtml"
    },
    {
      "type": "WEB",
      "url": "http://www.cisco.com/warp/public/707/cisco-sr-20060419-priv.shtml"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/24813"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/431367/30/5490/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/431371/30/5490/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/17609"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/1434"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/1435"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

VAR-200604-0267

Vulnerability from variot - Updated: 2023-12-18 12:13

Cisco CiscoWorks Wireless LAN Solution Engine (WLSE) and WLSE Express before 2.13, Hosting Solution Engine (HSE) and User Registration Tool (URT) before 20060419, and all versions of Ethernet Subscriber Solution Engine (ESSE) and CiscoWorks2000 Service Management Solution (SMS) allow local users to gain Linux shell access via shell metacharacters in arguments to the "show" command in the application's command line interface (CLI), aka bug ID CSCsd21502 (WLSE), CSCsd22861 (URT), and CSCsd22859 (HSE). NOTE: other issues might be addressed by the Cisco advisory. plural Cisco The product includes Linux A vulnerability exists that allows shell access to be obtained.By local users Linux Shell access may be obtained. Multiple Linux-based Cisco products are prone to a local privilege-escalation vulnerability. The applications fail to properly sanitize user-supplied input. This issue allows attackers with telnet or SSH access to affected devices to execute arbitrary shell commands with superuser privileges. This facilitates the complete compromise of affected devices. CiscoWorks WLSE is the centralized system-level application for managing and controlling the entire autonomous Cisco WLAN infrastructure. There is a vulnerability in the implementation of the CiscoWorks WLSE configuration management script. Attackers may exploit this vulnerability to obtain sensitive information. The \"displayMsg\" parameter in /wlse/configure/archive/archiveApplyDisplay.jsp in WLSE devices can lead to a cross-site scripting vulnerability. Attackers can exploit this vulnerability to steal JSP session cookies, and then combine it with other vulnerabilities to gain administrative-level access to the system.

This is related to vulnerability #2 in: SA19736

SOLUTION: Apply fixes.

Cisco URT: Update to version 2.5.5(A1) for the URT appliance. http://www.cisco.com/pcgi-bin/tablebuild.pl/urt-3des

Cisco HSE: Apply HSE-PSIRT1 patch. However, Cisco encourages customers requiring a fix to open a service request through the Technical Support organization.

TITLE: Cisco WLSE Privilege Escalation and Cross-Site Scripting

SECUNIA ADVISORY ID: SA19736

VERIFY ADVISORY: http://secunia.com/advisories/19736/

CRITICAL: Less critical

IMPACT: Cross Site Scripting, Privilege escalation

WHERE:

From remote

OPERATING SYSTEM: CiscoWorks Wireless LAN Solution Engine 2.x http://secunia.com/product/2187/

DESCRIPTION: Adam Pointon has reported two vulnerabilities in CiscoWorks Wireless LAN Solution Engine (WLSE), which can be exploited by malicious, local users to gain escalated privileges or by malicious people to conduct cross-site scripting attacks.

1) Input passed to the "displayMsg" parameter in "/wlse/configure/archive/archiveApplyDisplay.jsp" in the WLSE appliance web interface is not properly sanitised before being returned to users. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of a vulnerable site.

2) Several errors in the "show" CLI application can be exploited to gain a shell account with root privileges from the command line interface.

SOLUTION: Update to version 2.13 or later. http://www.cisco.com/pcgi-bin/tablebuild.pl/wlan-sol-eng

PROVIDED AND/OR DISCOVERED BY: Adam Pointon, Assurance.

The vendor also credits Mathieu Pepin for reporting the second vulnerability.

ORIGINAL ADVISORY: Cisco: http://www.cisco.com/warp/public/707/cisco-sa-20060419-wlse.shtml http://www.cisco.com/warp/public/707/cisco-sr-20060419-priv.shtml

Assurance: http://www.assurance.com.au/advisories/200604-cisco.txt

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200604-0267",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "wireless lan solution engine",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "2.8"
      },
      {
        "model": "hosting solution engine",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "1.7.2"
      },
      {
        "model": "wireless lan solution engine",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "2.9"
      },
      {
        "model": "wireless lan solution engine",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "2.10"
      },
      {
        "model": "wireless lan solution engine",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "2.11"
      },
      {
        "model": "hosting solution engine",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "1.7.3"
      },
      {
        "model": "wireless lan solution engine",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "2.5"
      },
      {
        "model": "ethernet subscriber solution engine",
        "scope": null,
        "trust": 1.4,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "wireless lan solution engine",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.13"
      },
      {
        "model": "wireless lan solution engine",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.12"
      },
      {
        "model": "wireless lan solution engine",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.7"
      },
      {
        "model": "wireless lan solution engine",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.3"
      },
      {
        "model": "wireless lan solution engine",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "hosting solution engine",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "1.7.1"
      },
      {
        "model": "user registration tool",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "hosting solution engine",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "1.7.0"
      },
      {
        "model": "wireless lan solution engine",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.6"
      },
      {
        "model": "hosting solution engine",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "1.7"
      },
      {
        "model": "wireless lan solution engine",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.4"
      },
      {
        "model": "wireless lan solution engine",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "ciscoworks 2000 service management solution",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "wireless lan solution engine",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "ethernet subscriber solution engine",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "ciscoworks 2000 service management solution",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ciscoworks host solution engine",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "20060419"
      },
      {
        "model": "ciscoworks wireless lan solution engine",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "2.13"
      },
      {
        "model": "user registration tool",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "20060419"
      },
      {
        "model": "wireless lan solution engine express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "wireless lan solution engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11302.0.5"
      },
      {
        "model": "wireless lan solution engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11302.0.2"
      },
      {
        "model": "wireless lan solution engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11302.0"
      },
      {
        "model": "wireless lan solution engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11052.5"
      },
      {
        "model": "wireless lan solution engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11052.0.2"
      },
      {
        "model": "wireless lan solution engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11052.0"
      },
      {
        "model": "wireless lan solution engine",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "user registration tool",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "service management",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "hosting solution engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11051.7.3"
      },
      {
        "model": "hosting solution engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11051.7.2"
      },
      {
        "model": "hosting solution engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11051.7.1"
      },
      {
        "model": "hosting solution engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11051.7"
      },
      {
        "model": "hosting solution engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.3"
      },
      {
        "model": "hosting solution engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "ethernet subscriber solution engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ciscoworks hosting solution engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1105"
      },
      {
        "model": "wireless lan solution engine express",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.13"
      },
      {
        "model": "wireless lan solution engine",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.13"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "17609"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-003957"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-1961"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200604-423"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:user_registration_tool:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:wireless_lan_solution_engine:2.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:wireless_lan_solution_engine:2.11:*:express:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:wireless_lan_solution_engine:2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:wireless_lan_solution_engine:2.3:*:express:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:wireless_lan_solution_engine:2.7:*:express:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:wireless_lan_solution_engine:2.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:wireless_lan_solution_engine:2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:wireless_lan_solution_engine:2.1:*:express:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:wireless_lan_solution_engine:2.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:wireless_lan_solution_engine:2.13:*:express:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:wireless_lan_solution_engine:2.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:wireless_lan_solution_engine:2.5:*:express:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:wireless_lan_solution_engine:2.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:wireless_lan_solution_engine:2.9:*:express:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:wireless_lan_solution_engine:2.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:wireless_lan_solution_engine:2.10:*:express:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:wireless_lan_solution_engine:2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:wireless_lan_solution_engine:2.2:*:express:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:wireless_lan_solution_engine:2.6:*:express:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:wireless_lan_solution_engine:2.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:wireless_lan_solution_engine:2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:wireless_lan_solution_engine:2.0:*:express:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:wireless_lan_solution_engine:2.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:wireless_lan_solution_engine:2.12:*:express:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:wireless_lan_solution_engine:2.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:wireless_lan_solution_engine:2.4:*:express:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:wireless_lan_solution_engine:2.8:*:express:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:wireless_lan_solution_engine:2.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:cisco:hosting_solution_engine:1.7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:hosting_solution_engine:1.7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ethernet_subscriber_solution_engine:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:ciscoworks_2000_service_management_solution:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:hosting_solution_engine:1.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:hosting_solution_engine:1.7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:hosting_solution_engine:1.7.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-1961"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Adam Pointon http://www.assurance.com.au/",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200604-423"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2006-1961",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": true,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2006-1961",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-18069",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2006-1961",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200604-423",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-18069",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2006-1961",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-18069"
      },
      {
        "db": "VULMON",
        "id": "CVE-2006-1961"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-003957"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-1961"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200604-423"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco CiscoWorks Wireless LAN Solution Engine (WLSE) and WLSE Express before 2.13, Hosting Solution Engine (HSE) and User Registration Tool (URT) before 20060419, and all versions of Ethernet Subscriber Solution Engine (ESSE) and CiscoWorks2000 Service Management Solution (SMS) allow local users to gain Linux shell access via shell metacharacters in arguments to the \"show\" command in the application\u0027s command line interface (CLI), aka bug ID CSCsd21502 (WLSE), CSCsd22861 (URT), and CSCsd22859 (HSE).  NOTE: other issues might be addressed by the Cisco advisory. plural Cisco The product includes Linux A vulnerability exists that allows shell access to be obtained.By local users Linux Shell access may be obtained. Multiple Linux-based Cisco products are prone to a local privilege-escalation vulnerability. The applications fail to properly sanitize user-supplied input. \nThis issue allows attackers with telnet or SSH access to affected devices to execute arbitrary shell commands with superuser privileges. This facilitates the complete compromise of affected devices. CiscoWorks WLSE is the centralized system-level application for managing and controlling the entire autonomous Cisco WLAN infrastructure. There is a vulnerability in the implementation of the CiscoWorks WLSE configuration management script. Attackers may exploit this vulnerability to obtain sensitive information. The \\\"displayMsg\\\" parameter in /wlse/configure/archive/archiveApplyDisplay.jsp in WLSE devices can lead to a cross-site scripting vulnerability. Attackers can exploit this vulnerability to steal JSP session cookies, and then combine it with other vulnerabilities to gain administrative-level access to the system. \n\nThis is related to vulnerability #2 in:\nSA19736\n\nSOLUTION:\nApply fixes. \n\nCisco URT:\nUpdate to version 2.5.5(A1) for the URT appliance. \nhttp://www.cisco.com/pcgi-bin/tablebuild.pl/urt-3des\n\nCisco HSE:\nApply HSE-PSIRT1 patch. However, Cisco encourages customers requiring a\nfix to open a service request through the Technical Support\norganization. \n\nTITLE:\nCisco WLSE Privilege Escalation and Cross-Site Scripting\n\nSECUNIA ADVISORY ID:\nSA19736\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/19736/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nCross Site Scripting, Privilege escalation\n\nWHERE:\n\u003eFrom remote\n\nOPERATING SYSTEM:\nCiscoWorks Wireless LAN Solution Engine 2.x\nhttp://secunia.com/product/2187/\n\nDESCRIPTION:\nAdam Pointon has reported two vulnerabilities in CiscoWorks Wireless\nLAN Solution Engine (WLSE), which can be exploited by malicious,\nlocal users to gain escalated privileges or by malicious people to\nconduct cross-site scripting attacks. \n\n1) Input passed to the \"displayMsg\" parameter in\n\"/wlse/configure/archive/archiveApplyDisplay.jsp\" in the WLSE\nappliance web interface is not properly sanitised before being\nreturned to users. This can be exploited to execute arbitrary HTML\nand script code in a user\u0027s browser session in context of a\nvulnerable site. \n\n2) Several errors in the \"show\" CLI application can be exploited to\ngain a shell account with root privileges from the command line\ninterface. \n\nSOLUTION:\nUpdate to version 2.13 or later. \nhttp://www.cisco.com/pcgi-bin/tablebuild.pl/wlan-sol-eng\n\nPROVIDED AND/OR DISCOVERED BY:\nAdam Pointon, Assurance. \n\nThe vendor also credits Mathieu Pepin for reporting the second\nvulnerability. \n\nORIGINAL ADVISORY:\nCisco:\nhttp://www.cisco.com/warp/public/707/cisco-sa-20060419-wlse.shtml\nhttp://www.cisco.com/warp/public/707/cisco-sr-20060419-priv.shtml\n\nAssurance:\nhttp://www.assurance.com.au/advisories/200604-cisco.txt\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-1961"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-003957"
      },
      {
        "db": "BID",
        "id": "17609"
      },
      {
        "db": "VULHUB",
        "id": "VHN-18069"
      },
      {
        "db": "VULMON",
        "id": "CVE-2006-1961"
      },
      {
        "db": "PACKETSTORM",
        "id": "45617"
      },
      {
        "db": "PACKETSTORM",
        "id": "45618"
      },
      {
        "db": "PACKETSTORM",
        "id": "45615"
      }
    ],
    "trust": 2.34
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2006-1961",
        "trust": 2.6
      },
      {
        "db": "BID",
        "id": "17609",
        "trust": 2.1
      },
      {
        "db": "SECUNIA",
        "id": "19741",
        "trust": 1.9
      },
      {
        "db": "SECUNIA",
        "id": "19736",
        "trust": 1.9
      },
      {
        "db": "SECUNIA",
        "id": "19739",
        "trust": 1.9
      },
      {
        "db": "OSVDB",
        "id": "24813",
        "trust": 1.8
      },
      {
        "db": "SECTRACK",
        "id": "1015965",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-1435",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-1434",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-003957",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200604-423",
        "trust": 0.7
      },
      {
        "db": "BUGTRAQ",
        "id": "20060419 RE: MULTIPLE VULNERABILITIES IN LINUX BASED CISCO PRODUCTS",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20060419 MULTIPLE VULNERABILITIES IN LINUX BASED CISCO PRODUCTS",
        "trust": 0.6
      },
      {
        "db": "CISCO",
        "id": "20060419 MULTIPLE VULNERABILITIES IN THE WLSE APPLIANCE",
        "trust": 0.6
      },
      {
        "db": "CISCO",
        "id": "20060419 RESPONSE TO PRIVILEGE ESCALATION ON MULTIPLE CISCO PRODUCTS",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "25884",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-18069",
        "trust": 0.1
      },
      {
        "db": "VUPEN",
        "id": "2006/1435",
        "trust": 0.1
      },
      {
        "db": "VUPEN",
        "id": "2006/1434",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2006-1961",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "45617",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "45618",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "45615",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-18069"
      },
      {
        "db": "VULMON",
        "id": "CVE-2006-1961"
      },
      {
        "db": "BID",
        "id": "17609"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-003957"
      },
      {
        "db": "PACKETSTORM",
        "id": "45617"
      },
      {
        "db": "PACKETSTORM",
        "id": "45618"
      },
      {
        "db": "PACKETSTORM",
        "id": "45615"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-1961"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200604-423"
      }
    ]
  },
  "id": "VAR-200604-0267",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-18069"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:13:17.659000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sr-20060419-priv.shtml",
        "trust": 0.8,
        "url": "http://www.cisco.com/warp/public/707/cisco-sr-20060419-priv.shtml"
      },
      {
        "title": "cisco-sa-20060419-wlse.shtml",
        "trust": 0.8,
        "url": "http://www.cisco.com/warp/public/707/cisco-sa-20060419-wlse.shtml"
      },
      {
        "title": "id?1015965",
        "trust": 0.8,
        "url": "http://securitytracker.com/id?1015965"
      },
      {
        "title": "19736",
        "trust": 0.8,
        "url": "http://secunia.com/advisories/19736"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-003957"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-1961"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "http://www.cisco.com/warp/public/707/cisco-sr-20060419-priv.shtml"
      },
      {
        "trust": 2.2,
        "url": "http://www.cisco.com/warp/public/707/cisco-sa-20060419-wlse.shtml"
      },
      {
        "trust": 1.9,
        "url": "http://www.assurance.com.au/advisories/200604-cisco.txt"
      },
      {
        "trust": 1.8,
        "url": "http://www.securityfocus.com/bid/17609"
      },
      {
        "trust": 1.8,
        "url": "http://www.osvdb.org/24813"
      },
      {
        "trust": 1.8,
        "url": "http://securitytracker.com/id?1015965"
      },
      {
        "trust": 1.8,
        "url": "http://secunia.com/advisories/19736"
      },
      {
        "trust": 1.8,
        "url": "http://secunia.com/advisories/19739"
      },
      {
        "trust": 1.8,
        "url": "http://secunia.com/advisories/19741"
      },
      {
        "trust": 1.2,
        "url": "http://www.securityfocus.com/archive/1/431371/30/5490/threaded"
      },
      {
        "trust": 1.2,
        "url": "http://www.securityfocus.com/archive/1/431367/30/5490/threaded"
      },
      {
        "trust": 1.2,
        "url": "http://www.vupen.com/english/advisories/2006/1434"
      },
      {
        "trust": 1.2,
        "url": "http://www.vupen.com/english/advisories/2006/1435"
      },
      {
        "trust": 1.2,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25884"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-1961"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-1961"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2006/1434"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/25884"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/431371/30/5490/threaded"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/431367/30/5490/threaded"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2006/1435"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/en/us/products/sw/voicesw/ps4625/index.html"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/431371"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/431367"
      },
      {
        "trust": 0.3,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.3,
        "url": "http://secunia.com/advisories/19736/"
      },
      {
        "trust": 0.3,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.3,
        "url": "http://secunia.com/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/19741/"
      },
      {
        "trust": 0.1,
        "url": "http://www.cisco.com/pcgi-bin/tablebuild.pl/1105-host-sol"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/9457/"
      },
      {
        "trust": 0.1,
        "url": "http://www.cisco.com/pcgi-bin/tablebuild.pl/urt-3des"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/2186/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/19739/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/9459/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/9460/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/2187/"
      },
      {
        "trust": 0.1,
        "url": "http://www.cisco.com/pcgi-bin/tablebuild.pl/wlan-sol-eng"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-18069"
      },
      {
        "db": "VULMON",
        "id": "CVE-2006-1961"
      },
      {
        "db": "BID",
        "id": "17609"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-003957"
      },
      {
        "db": "PACKETSTORM",
        "id": "45617"
      },
      {
        "db": "PACKETSTORM",
        "id": "45618"
      },
      {
        "db": "PACKETSTORM",
        "id": "45615"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-1961"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200604-423"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-18069"
      },
      {
        "db": "VULMON",
        "id": "CVE-2006-1961"
      },
      {
        "db": "BID",
        "id": "17609"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-003957"
      },
      {
        "db": "PACKETSTORM",
        "id": "45617"
      },
      {
        "db": "PACKETSTORM",
        "id": "45618"
      },
      {
        "db": "PACKETSTORM",
        "id": "45615"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-1961"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200604-423"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-04-21T00:00:00",
        "db": "VULHUB",
        "id": "VHN-18069"
      },
      {
        "date": "2006-04-21T00:00:00",
        "db": "VULMON",
        "id": "CVE-2006-1961"
      },
      {
        "date": "2006-04-19T00:00:00",
        "db": "BID",
        "id": "17609"
      },
      {
        "date": "2014-03-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-003957"
      },
      {
        "date": "2006-04-25T22:06:23",
        "db": "PACKETSTORM",
        "id": "45617"
      },
      {
        "date": "2006-04-25T22:06:23",
        "db": "PACKETSTORM",
        "id": "45618"
      },
      {
        "date": "2006-04-25T22:06:23",
        "db": "PACKETSTORM",
        "id": "45615"
      },
      {
        "date": "2006-04-21T10:02:00",
        "db": "NVD",
        "id": "CVE-2006-1961"
      },
      {
        "date": "2006-04-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200604-423"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-18T00:00:00",
        "db": "VULHUB",
        "id": "VHN-18069"
      },
      {
        "date": "2018-10-18T00:00:00",
        "db": "VULMON",
        "id": "CVE-2006-1961"
      },
      {
        "date": "2006-04-20T16:16:00",
        "db": "BID",
        "id": "17609"
      },
      {
        "date": "2014-03-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-003957"
      },
      {
        "date": "2018-10-18T16:37:23.910000",
        "db": "NVD",
        "id": "CVE-2006-1961"
      },
      {
        "date": "2007-08-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200604-423"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "17609"
      },
      {
        "db": "PACKETSTORM",
        "id": "45617"
      },
      {
        "db": "PACKETSTORM",
        "id": "45618"
      },
      {
        "db": "PACKETSTORM",
        "id": "45615"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  Cisco In product  Linux Vulnerability gained shell access",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-003957"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200604-423"
      }
    ],
    "trust": 0.6
  }
}

GSD-2006-1961

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2006-1961

Aliases

CVE-2006-1961

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2006-1961",
    "description": "Cisco CiscoWorks Wireless LAN Solution Engine (WLSE) and WLSE Express before 2.13, Hosting Solution Engine (HSE) and User Registration Tool (URT) before 20060419, and all versions of Ethernet Subscriber Solution Engine (ESSE) and CiscoWorks2000 Service Management Solution (SMS) allow local users to gain Linux shell access via shell metacharacters in arguments to the \"show\" command in the application\u0027s command line interface (CLI), aka bug ID CSCsd21502 (WLSE), CSCsd22861 (URT), and CSCsd22859 (HSE).  NOTE: other issues might be addressed by the Cisco advisory.",
    "id": "GSD-2006-1961"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2006-1961"
      ],
      "details": "Cisco CiscoWorks Wireless LAN Solution Engine (WLSE) and WLSE Express before 2.13, Hosting Solution Engine (HSE) and User Registration Tool (URT) before 20060419, and all versions of Ethernet Subscriber Solution Engine (ESSE) and CiscoWorks2000 Service Management Solution (SMS) allow local users to gain Linux shell access via shell metacharacters in arguments to the \"show\" command in the application\u0027s command line interface (CLI), aka bug ID CSCsd21502 (WLSE), CSCsd22861 (URT), and CSCsd22859 (HSE).  NOTE: other issues might be addressed by the Cisco advisory.",
      "id": "GSD-2006-1961",
      "modified": "2023-12-13T01:19:54.684981Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2006-1961",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cisco CiscoWorks Wireless LAN Solution Engine (WLSE) and WLSE Express before 2.13, Hosting Solution Engine (HSE) and User Registration Tool (URT) before 20060419, and all versions of Ethernet Subscriber Solution Engine (ESSE) and CiscoWorks2000 Service Management Solution (SMS) allow local users to gain Linux shell access via shell metacharacters in arguments to the \"show\" command in the application\u0027s command line interface (CLI), aka bug ID CSCsd21502 (WLSE), CSCsd22861 (URT), and CSCsd22859 (HSE).  NOTE: other issues might be addressed by the Cisco advisory."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "24813",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/24813"
          },
          {
            "name": "ADV-2006-1435",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2006/1435"
          },
          {
            "name": "17609",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/17609"
          },
          {
            "name": "http://www.assurance.com.au/advisories/200604-cisco.txt",
            "refsource": "MISC",
            "url": "http://www.assurance.com.au/advisories/200604-cisco.txt"
          },
          {
            "name": "cisco-wlse-shell-privilege-escalation(25884)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25884"
          },
          {
            "name": "20060419 Multiple vulnerabilities in Linux based Cisco products",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/431371/30/5490/threaded"
          },
          {
            "name": "19736",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/19736"
          },
          {
            "name": "20060419 Re: Multiple vulnerabilities in Linux based Cisco products",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/431367/30/5490/threaded"
          },
          {
            "name": "19739",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/19739"
          },
          {
            "name": "ADV-2006-1434",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2006/1434"
          },
          {
            "name": "20060419 Multiple Vulnerabilities in the WLSE Appliance",
            "refsource": "CISCO",
            "url": "http://www.cisco.com/warp/public/707/cisco-sa-20060419-wlse.shtml"
          },
          {
            "name": "19741",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/19741"
          },
          {
            "name": "20060419 Response to Privilege Escalation on Multiple Cisco Products",
            "refsource": "CISCO",
            "url": "http://www.cisco.com/warp/public/707/cisco-sr-20060419-priv.shtml"
          },
          {
            "name": "1015965",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1015965"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:user_registration_tool:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:wireless_lan_solution_engine:2.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:wireless_lan_solution_engine:2.11:*:express:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:wireless_lan_solution_engine:2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:wireless_lan_solution_engine:2.3:*:express:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:wireless_lan_solution_engine:2.7:*:express:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:wireless_lan_solution_engine:2.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:wireless_lan_solution_engine:2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:wireless_lan_solution_engine:2.1:*:express:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:wireless_lan_solution_engine:2.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:wireless_lan_solution_engine:2.13:*:express:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:wireless_lan_solution_engine:2.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:wireless_lan_solution_engine:2.5:*:express:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:wireless_lan_solution_engine:2.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:wireless_lan_solution_engine:2.9:*:express:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:wireless_lan_solution_engine:2.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:wireless_lan_solution_engine:2.10:*:express:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:wireless_lan_solution_engine:2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:wireless_lan_solution_engine:2.2:*:express:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:wireless_lan_solution_engine:2.6:*:express:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:wireless_lan_solution_engine:2.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:wireless_lan_solution_engine:2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:wireless_lan_solution_engine:2.0:*:express:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:wireless_lan_solution_engine:2.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:wireless_lan_solution_engine:2.12:*:express:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:wireless_lan_solution_engine:2.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:wireless_lan_solution_engine:2.4:*:express:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:wireless_lan_solution_engine:2.8:*:express:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:wireless_lan_solution_engine:2.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:cisco:hosting_solution_engine:1.7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:hosting_solution_engine:1.7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ethernet_subscriber_solution_engine:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:ciscoworks_2000_service_management_solution:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:hosting_solution_engine:1.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:hosting_solution_engine:1.7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:hosting_solution_engine:1.7.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-1961"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cisco CiscoWorks Wireless LAN Solution Engine (WLSE) and WLSE Express before 2.13, Hosting Solution Engine (HSE) and User Registration Tool (URT) before 20060419, and all versions of Ethernet Subscriber Solution Engine (ESSE) and CiscoWorks2000 Service Management Solution (SMS) allow local users to gain Linux shell access via shell metacharacters in arguments to the \"show\" command in the application\u0027s command line interface (CLI), aka bug ID CSCsd21502 (WLSE), CSCsd22861 (URT), and CSCsd22859 (HSE).  NOTE: other issues might be addressed by the Cisco advisory."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20060419 Multiple Vulnerabilities in the WLSE Appliance",
              "refsource": "CISCO",
              "tags": [
                "Patch"
              ],
              "url": "http://www.cisco.com/warp/public/707/cisco-sa-20060419-wlse.shtml"
            },
            {
              "name": "20060419 Response to Privilege Escalation on Multiple Cisco Products",
              "refsource": "CISCO",
              "tags": [
                "Patch"
              ],
              "url": "http://www.cisco.com/warp/public/707/cisco-sr-20060419-priv.shtml"
            },
            {
              "name": "1015965",
              "refsource": "SECTRACK",
              "tags": [
                "Patch"
              ],
              "url": "http://securitytracker.com/id?1015965"
            },
            {
              "name": "19736",
              "refsource": "SECUNIA",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/19736"
            },
            {
              "name": "http://www.assurance.com.au/advisories/200604-cisco.txt",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.assurance.com.au/advisories/200604-cisco.txt"
            },
            {
              "name": "19739",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/19739"
            },
            {
              "name": "19741",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/19741"
            },
            {
              "name": "17609",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/17609"
            },
            {
              "name": "24813",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://www.osvdb.org/24813"
            },
            {
              "name": "ADV-2006-1435",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2006/1435"
            },
            {
              "name": "ADV-2006-1434",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2006/1434"
            },
            {
              "name": "cisco-wlse-shell-privilege-escalation(25884)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25884"
            },
            {
              "name": "20060419 Multiple vulnerabilities in Linux based Cisco products",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/431371/30/5490/threaded"
            },
            {
              "name": "20060419 Re: Multiple vulnerabilities in Linux based Cisco products",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/431367/30/5490/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": true,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-18T16:37Z",
      "publishedDate": "2006-04-21T10:02Z"
    }
  }
}

FKIE_CVE-2006-1961

Vulnerability from fkie_nvd - Published: 2006-04-21 10:02 - Updated: 2025-04-03 01:03

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/19736	Patch, Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/19739
cve@mitre.org	http://secunia.com/advisories/19741
cve@mitre.org	http://securitytracker.com/id?1015965	Patch
cve@mitre.org	http://www.assurance.com.au/advisories/200604-cisco.txt
cve@mitre.org	http://www.cisco.com/warp/public/707/cisco-sa-20060419-wlse.shtml	Patch
cve@mitre.org	http://www.cisco.com/warp/public/707/cisco-sr-20060419-priv.shtml	Patch
cve@mitre.org	http://www.osvdb.org/24813
cve@mitre.org	http://www.securityfocus.com/archive/1/431367/30/5490/threaded
cve@mitre.org	http://www.securityfocus.com/archive/1/431371/30/5490/threaded
cve@mitre.org	http://www.securityfocus.com/bid/17609
cve@mitre.org	http://www.vupen.com/english/advisories/2006/1434
cve@mitre.org	http://www.vupen.com/english/advisories/2006/1435
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/25884
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/19736	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/19739
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/19741
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1015965	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.assurance.com.au/advisories/200604-cisco.txt
af854a3a-2127-422b-91ae-364da2661108	http://www.cisco.com/warp/public/707/cisco-sa-20060419-wlse.shtml	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.cisco.com/warp/public/707/cisco-sr-20060419-priv.shtml	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/24813
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/431367/30/5490/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/431371/30/5490/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/17609
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/1434
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/1435
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/25884

Impacted products

Vendor	Product	Version
cisco	user_registration_tool	*
cisco	wireless_lan_solution_engine	2.0
cisco	wireless_lan_solution_engine	2.0
cisco	wireless_lan_solution_engine	2.1
cisco	wireless_lan_solution_engine	2.1
cisco	wireless_lan_solution_engine	2.2
cisco	wireless_lan_solution_engine	2.2
cisco	wireless_lan_solution_engine	2.3
cisco	wireless_lan_solution_engine	2.3
cisco	wireless_lan_solution_engine	2.4
cisco	wireless_lan_solution_engine	2.4
cisco	wireless_lan_solution_engine	2.5
cisco	wireless_lan_solution_engine	2.5
cisco	wireless_lan_solution_engine	2.6
cisco	wireless_lan_solution_engine	2.6
cisco	wireless_lan_solution_engine	2.7
cisco	wireless_lan_solution_engine	2.7
cisco	wireless_lan_solution_engine	2.8
cisco	wireless_lan_solution_engine	2.8
cisco	wireless_lan_solution_engine	2.9
cisco	wireless_lan_solution_engine	2.9
cisco	wireless_lan_solution_engine	2.10
cisco	wireless_lan_solution_engine	2.10
cisco	wireless_lan_solution_engine	2.11
cisco	wireless_lan_solution_engine	2.11
cisco	wireless_lan_solution_engine	2.12
cisco	wireless_lan_solution_engine	2.12
cisco	wireless_lan_solution_engine	2.13
cisco	wireless_lan_solution_engine	2.13
cisco	ciscoworks_2000_service_management_solution	*
cisco	hosting_solution_engine	1.7
cisco	hosting_solution_engine	1.7.0
cisco	hosting_solution_engine	1.7.1
cisco	hosting_solution_engine	1.7.2
cisco	hosting_solution_engine	1.7.3
cisco	ethernet_subscriber_solution_engine	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:user_registration_tool:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "441C9430-C57D-48F5-8C6F-B64759ED5777",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:wireless_lan_solution_engine:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E89560E-5A06-44F5-82AB-AEB9AD7B97DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:wireless_lan_solution_engine:2.0:*:express:*:*:*:*:*",
              "matchCriteriaId": "FBF2B953-773A-4E47-9EEA-4826354650EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:wireless_lan_solution_engine:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D54C89F2-D5F5-412D-85C6-1CD76E03BE26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:wireless_lan_solution_engine:2.1:*:express:*:*:*:*:*",
              "matchCriteriaId": "2AA97244-E7A9-49A2-9414-E5860AF3611D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:wireless_lan_solution_engine:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E013901C-1B1E-4839-867B-D647A996BF60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:wireless_lan_solution_engine:2.2:*:express:*:*:*:*:*",
              "matchCriteriaId": "055B35BB-602A-4C26-A0D4-6614D1B09A97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:wireless_lan_solution_engine:2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B228B395-6964-449D-9B09-D7BFE31E9851",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:wireless_lan_solution_engine:2.3:*:express:*:*:*:*:*",
              "matchCriteriaId": "D5344233-E08D-4066-86CD-D9D9B84B039D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:wireless_lan_solution_engine:2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "25B36A82-33BE-4BA4-9B4A-36D685607A4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:wireless_lan_solution_engine:2.4:*:express:*:*:*:*:*",
              "matchCriteriaId": "337C5C2C-2A2C-4C94-9DBF-2BB795BEEF1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:wireless_lan_solution_engine:2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3D72DCA-130D-4507-BDAC-A6183D08BC2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:wireless_lan_solution_engine:2.5:*:express:*:*:*:*:*",
              "matchCriteriaId": "6AAF32A3-4D70-4E1A-9FBE-A465F3910B57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:wireless_lan_solution_engine:2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "87C22C0D-2E74-44B8-BAF1-FACBE7B7A497",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:wireless_lan_solution_engine:2.6:*:express:*:*:*:*:*",
              "matchCriteriaId": "5BD43E20-9E43-46FB-952A-EE181D87F116",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:wireless_lan_solution_engine:2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BB965A0-7FB2-4DF7-82C8-D0AB4E8AE4CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:wireless_lan_solution_engine:2.7:*:express:*:*:*:*:*",
              "matchCriteriaId": "0A5BDD7D-7321-4061-9E43-3DB613768945",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:wireless_lan_solution_engine:2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6C66F51-37FC-4CEF-A532-17522EE32BAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:wireless_lan_solution_engine:2.8:*:express:*:*:*:*:*",
              "matchCriteriaId": "F6EA38AC-8E50-45FF-8F17-C679E165269D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:wireless_lan_solution_engine:2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F560405-DD99-4D09-9D9B-19F88A63C689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:wireless_lan_solution_engine:2.9:*:express:*:*:*:*:*",
              "matchCriteriaId": "27C389A3-27DC-4EAB-A08C-60BF1774351B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:wireless_lan_solution_engine:2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBBAC34E-4572-48D2-B7B5-5AB623A35A42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:wireless_lan_solution_engine:2.10:*:express:*:*:*:*:*",
              "matchCriteriaId": "35CFCBC7-68A8-407D-9983-FBA414318880",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:wireless_lan_solution_engine:2.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CA72C62-7004-4A5C-BEA5-5ACA55279366",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:wireless_lan_solution_engine:2.11:*:express:*:*:*:*:*",
              "matchCriteriaId": "0C6865FB-479A-41F0-89ED-BF02E80D9FDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:wireless_lan_solution_engine:2.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "6ADEEA82-4371-4D25-8CEB-F6F8B32ED9F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:wireless_lan_solution_engine:2.12:*:express:*:*:*:*:*",
              "matchCriteriaId": "BF202456-0666-4DBB-8918-B30B83850201",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:wireless_lan_solution_engine:2.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC9515C2-5549-4EBC-8FF1-8C75E92794D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:wireless_lan_solution_engine:2.13:*:express:*:*:*:*:*",
              "matchCriteriaId": "3D994D17-087E-450B-A5DE-F56949717C6C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:ciscoworks_2000_service_management_solution:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "10CAB6F5-563C-4E8A-B769-45B1981BADF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:hosting_solution_engine:1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "9405E712-6682-4DCE-AA18-311A2D6AA958",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:hosting_solution_engine:1.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDA1DA2E-FD49-46B1-96E0-1129B16A8DD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:hosting_solution_engine:1.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D44C3E02-A17C-48A2-8173-358570C2ACAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:hosting_solution_engine:1.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DA04953-EBE5-482D-83F9-30F10F739C31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:hosting_solution_engine:1.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADE85A5A-2CF3-49FB-A15C-49EA56338FBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ethernet_subscriber_solution_engine:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6290FDDC-8965-4045-900E-933D85511F67",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cisco CiscoWorks Wireless LAN Solution Engine (WLSE) and WLSE Express before 2.13, Hosting Solution Engine (HSE) and User Registration Tool (URT) before 20060419, and all versions of Ethernet Subscriber Solution Engine (ESSE) and CiscoWorks2000 Service Management Solution (SMS) allow local users to gain Linux shell access via shell metacharacters in arguments to the \"show\" command in the application\u0027s command line interface (CLI), aka bug ID CSCsd21502 (WLSE), CSCsd22861 (URT), and CSCsd22859 (HSE).  NOTE: other issues might be addressed by the Cisco advisory."
    }
  ],
  "id": "CVE-2006-1961",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-04-21T10:02:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/19736"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/19739"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/19741"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1015965"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.assurance.com.au/advisories/200604-cisco.txt"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20060419-wlse.shtml"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.cisco.com/warp/public/707/cisco-sr-20060419-priv.shtml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/24813"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/431367/30/5490/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/431371/30/5490/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/17609"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/1434"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/1435"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25884"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/19736"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/19739"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/19741"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1015965"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.assurance.com.au/advisories/200604-cisco.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20060419-wlse.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.cisco.com/warp/public/707/cisco-sr-20060419-priv.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/24813"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/431367/30/5490/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/431371/30/5490/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/17609"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/1434"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/1435"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25884"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2006-1961 (GCVE-0-2006-1961)

GHSA-89FX-5FV2-J67W

VAR-200604-0267

GSD-2006-1961

FKIE_CVE-2006-1961

Tags

Sightings

Nomenclature