CVE-2006-1672

The installation of Cisco Transport Controller (CTC) for Cisco Optical Networking System (ONS) 15000 series nodes adds a Java policy file entry with a wildcard that grants the java.security.AllPermission permission to any http URL containing "fs/LAUNCHER.jar", which allows remote attackers to execute arbitrary code on a CTC workstation, aka bug ID CSCea25049.

Published: 2006-04-07 Last update: 2026-04-16 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2006-1672 is rated Moderate Risk (59.3/100): CVSS High severity, with medium exploitation likelihood (EPSS 3.80%). Review affected assets and schedule remediation.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2006-1672

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2025-03-19 4.89% 3.80% -1.10%
2 2025-03-17 9.84% 4.89% -4.95%
3 2025-03-14 9.84%

Full EPSS history (5 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2006-1672

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
7.5 2.0 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P Click to expand
Access vector (AV:N)
Can be exploited remotely over network reachability.
Access complexity (AC:L)
Exploitation conditions are straightforward and predictable.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:P)
Partial confidentiality impact.
Integrity impact (I:P)
Partial integrity impact.
Availability impact (A:P)
Partial availability impact.
 10.0 6.4 [email protected]

Weakness enumeration for CVE-2006-1672

Affected software / configurations for CVE-2006-1672

Vendor Product Version Raw CPE
cisco transport_controller 4.0.x cpe:2.3:a:cisco:transport_controller:4.0.x:*:*:*:*:*:*:*
cisco optical_networking_systems_software 1.0 cpe:2.3:a:cisco:optical_networking_systems_software:1.0:*:*:*:*:*:*:*
cisco optical_networking_systems_software 1.1 cpe:2.3:a:cisco:optical_networking_systems_software:1.1:*:*:*:*:*:*:*
cisco optical_networking_systems_software 1.1\(0\) cpe:2.3:a:cisco:optical_networking_systems_software:1.1\(0\):*:*:*:*:*:*:*
cisco optical_networking_systems_software 1.1\(1\) cpe:2.3:a:cisco:optical_networking_systems_software:1.1\(1\):*:*:*:*:*:*:*
cisco optical_networking_systems_software 1.3\(0\) cpe:2.3:a:cisco:optical_networking_systems_software:1.3\(0\):*:*:*:*:*:*:*
cisco optical_networking_systems_software 3.0 cpe:2.3:a:cisco:optical_networking_systems_software:3.0:*:*:*:*:*:*:*
cisco optical_networking_systems_software 3.1.0 cpe:2.3:a:cisco:optical_networking_systems_software:3.1.0:*:*:*:*:*:*:*
cisco optical_networking_systems_software 3.2 cpe:2.3:a:cisco:optical_networking_systems_software:3.2:*:*:*:*:*:*:*
cisco optical_networking_systems_software 3.3.0 cpe:2.3:a:cisco:optical_networking_systems_software:3.3.0:*:*:*:*:*:*:*
cisco optical_networking_systems_software 3.4.0 cpe:2.3:a:cisco:optical_networking_systems_software:3.4.0:*:*:*:*:*:*:*
cisco optical_networking_systems_software 4.0\(1\) cpe:2.3:a:cisco:optical_networking_systems_software:4.0\(1\):*:*:*:*:*:*:*
cisco optical_networking_systems_software 4.0\(2\) cpe:2.3:a:cisco:optical_networking_systems_software:4.0\(2\):*:*:*:*:*:*:*
cisco optical_networking_systems_software 4.0.0 cpe:2.3:a:cisco:optical_networking_systems_software:4.0.0:*:*:*:*:*:*:*
cisco optical_networking_systems_software 4.1\(0\) cpe:2.3:a:cisco:optical_networking_systems_software:4.1\(0\):*:*:*:*:*:*:*
cisco optical_networking_systems_software 4.1\(1\) cpe:2.3:a:cisco:optical_networking_systems_software:4.1\(1\):*:*:*:*:*:*:*
cisco optical_networking_systems_software 4.1\(2\) cpe:2.3:a:cisco:optical_networking_systems_software:4.1\(2\):*:*:*:*:*:*:*
cisco optical_networking_systems_software 4.1\(3\) cpe:2.3:a:cisco:optical_networking_systems_software:4.1\(3\):*:*:*:*:*:*:*
cisco optical_networking_systems_software 4.1.4 cpe:2.3:a:cisco:optical_networking_systems_software:4.1.4:*:*:*:*:*:*:*
cisco optical_networking_systems_software 4.6\(0\) cpe:2.3:a:cisco:optical_networking_systems_software:4.6\(0\):*:*:*:*:*:*:*
cisco optical_networking_systems_software 4.6\(1\) cpe:2.3:a:cisco:optical_networking_systems_software:4.6\(1\):*:*:*:*:*:*:*
cisco ons_15310-cl_series 0 cpe:2.3:h:cisco:ons_15310-cl_series:0:*:*:*:*:*:*:*
cisco ons_15600 0 cpe:2.3:h:cisco:ons_15600:0:*:*:*:*:*:*:*
cisco ons_15454_mspp cpe:2.3:o:cisco:ons_15454_mspp:*:*:*:*:*:*:*:*

References for CVE-2006-1672

cvelogic Threat Intelligence