CVE-2006-3595

critical

Description

The default configuration of IOS HTTP server in Cisco Router Web Setup (CRWS) before 3.3.0 build 31 does not require credentials, which allows remote attackers to access the server with arbitrary privilege levels, aka bug CSCsa78190.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5826

https://exchange.xforce.ibmcloud.com/vulnerabilities/27688

http://www.vupen.com/english/advisories/2006/2773

http://www.securityfocus.com/bid/18953

http://www.osvdb.org/27159

http://www.kb.cert.org/vuls/id/205225

http://www.cisco.com/warp/public/707/cisco-sa-20060712-crws.shtml

http://securitytracker.com/id?1016476

http://secunia.com/advisories/21028

Details

Source: Mitre, NVD

Published: 2006-07-18

Updated: 2026-04-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: Critical

EPSS

EPSS: 0.02035

Detections

Analytics