CVE-2006-1672

Currently unrated

Key Information:

Vendor: Cisco
Status: Transport Controller
Vendor: CVE Published:; 7 April 2006

Summary

The installation of Cisco Transport Controller (CTC) for Cisco Optical Networking System (ONS) 15000 series nodes adds a Java policy file entry with a wildcard that grants the java.security.AllPermission permission to any http URL containing "fs/LAUNCHER.jar", which allows remote attackers to execute arbitrary code on a CTC workstation, aka bug ID CSCea25049.

References

http://www.vupen.com/english/advisories/2006/1256

vdb-entryx_refsource_VUPEN

http://www.osvdb.org/24438

vdb-entryx_refsource_OSVDB

http://secunia.com/advisories/19553

third-party-advisoryx_refsource_SECUNIA

EPSS Score

13% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Apr 7, 2006
Vulnerability Reserved
Apr 7, 2006