CVE-2006-3290

high

Description

HTTP server in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames and directory paths via a direct URL request.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/27442

http://www.vupen.com/english/advisories/2006/2583

http://www.securityfocus.com/bid/18701

http://www.osvdb.org/26879

http://www.cisco.com/warp/public/707/cisco-sa-20060628-wcs.shtml

http://securitytracker.com/id?1016398

http://secunia.com/advisories/20870

Details

Source: Mitre, NVD

Published: 2006-06-28

Updated: 2026-04-16

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High

EPSS

EPSS: 0.00521