CVE-2006-1961

Severity: High

Description

Cisco CiscoWorks Wireless LAN Solution Engine (WLSE) and WLSE Express before 2.13, Hosting Solution Engine (HSE) and User Registration Tool (URT) before 20060419, and all versions of Ethernet Subscriber Solution Engine (ESSE) and CiscoWorks2000 Service Management Solution (SMS) allow local users to gain Linux shell access via shell metacharacters in arguments to the "show" command in the application's command line interface (CLI), aka bug ID CSCsd21502 (WLSE), CSCsd22861 (URT), and CSCsd22859 (HSE). NOTE: other issues might be addressed by the Cisco advisory.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/25884

http://www.vupen.com/english/advisories/2006/1435

http://www.vupen.com/english/advisories/2006/1434

http://www.securityfocus.com/bid/17609

http://www.securityfocus.com/archive/1/431371/30/5490/threaded

http://www.securityfocus.com/archive/1/431367/30/5490/threaded

http://www.osvdb.org/24813

http://www.cisco.com/warp/public/707/cisco-sr-20060419-priv.shtml

http://www.cisco.com/warp/public/707/cisco-sa-20060419-wlse.shtml

http://www.assurance.com.au/advisories/200604-cisco.txt

http://securitytracker.com/id?1015965

http://secunia.com/advisories/19741

http://secunia.com/advisories/19739

http://secunia.com/advisories/19736

Details

Source: Mitre, NVD

Published: 2006-04-21

Updated: 2025-04-03

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.01045