CVE-2006-1961

Name of the Vulnerable Software and Affected Versions Cisco CiscoWorks Wireless LAN Solution Engine (WLSE) and WLSE Express versions prior to 2.13 Cisco Hosting Solution Engine (HSE) and User Registration Tool (URT) versions prior to 20060419 Cisco Ethernet Subscriber Solution Engine (ESSE) (affected versions not specified) CiscoWorks2000 Service Management Solution (SMS) (affected versions not specified)

Description The issue allows local users to gain Linux shell access via shell metacharacters in arguments to the show command in the application's command line interface (CLI).

Recommendations For Cisco CiscoWorks Wireless LAN Solution Engine (WLSE) and WLSE Express versions prior to 2.13, update to version 2.13 or later. For Cisco Hosting Solution Engine (HSE) and User Registration Tool (URT) versions prior to 20060419, update to a version released after 20060419. For Cisco Ethernet Subscriber Solution Engine (ESSE) and CiscoWorks2000 Service Management Solution (SMS), at the moment, there is no information about a newer version that contains a fix for this vulnerability.