Information Disclosure Vulnerability in Cisco Wireless Control System
CVE-2006-3290

Currently unrated

Key Information:

Vendor: Cisco
Status: Wireless Control System
Vendor: CVE Published:; 28 June 2006

Summary

The HTTP server in Cisco Wireless Control System (WCS) prior to version 3.2(51) is vulnerable to an information disclosure issue, where sensitive user information and directory paths are stored inadequately under the web root. This deficiency in access control allows remote attackers to exploit the vulnerability through direct URL requests, potentially compromising user credentials and sensitive data.

References

http://www.vupen.com/english/advisories/2006/2583

vdb-entryx_refsource_VUPEN

http://secunia.com/advisories/20870

third-party-advisoryx_refsource_SECUNIA

https://exchange.xforce.ibmcloud.com/vulnerabilities/27442

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Jun 28, 2006
Vulnerability Reserved
Jun 28, 2006