CVE-2006-1672

high Cisco
CVSS v3 Base Score
7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS Score
3.8%
Exploitation probability in 30 days
Top 12% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Confidentiality
P
Integrity
P
Availability
P
Published: April 7, 2006 (7342 days ago)
Last Modified: April 16, 2026
Vendor: Cisco
Source: NVD

Description

The installation of Cisco Transport Controller (CTC) for Cisco Optical Networking System (ONS) 15000 series nodes adds a Java policy file entry with a wildcard that grants the java.security.AllPermission permission to any http URL containing "fs/LAUNCHER.jar", which allows remote attackers to execute arbitrary code on a CTC workstation, aka bug ID CSCea25049.

CWE

NVD-CWE-Other

Affected Products

cisco transport controllercisco optical networking systems softwarecisco ons 15310-cl seriescisco ons 15600cisco ons 15454 mspp

References

🔗 secunia.com 🔗 securitytracker.com 🔗 www.cisco.com 🔗 www.osvdb.org 🔗 www.securityfocus.com