CVE-2006-3291

Name of the Vulnerable Software and Affected Versions Cisco IOS versions 12.3(8)JA and 12.3(8)JA1

Description The issue affects the web interface of Cisco IOS, specifically when the setting is changed to use the "Local User List Only (Individual Passwords)" option. This change causes the removal of all security and password configurations, allowing remote attackers to access the system.

Recommendations For Cisco IOS version 12.3(8)JA, avoid using the "Local User List Only (Individual Passwords)" setting until a fix is available. For Cisco IOS version 12.3(8)JA1, avoid using the "Local User List Only (Individual Passwords)" setting until a fix is available. As a temporary workaround, consider restricting access to the web interface to minimize the risk of exploitation.