Executive Summary
| Summary | |
|---|---|
| Title | Cisco Small Business 220 Series Smart Plus Switches SNMP Unauthorized Access Vulnerability |
| Informations | |||
|---|---|---|---|
| Name | cisco-sa-20160831-sps3 | First vendor Publication | 2016-08-31 |
| Vendor | Cisco | Last vendor Modification | 2016-08-31 |
| Severity (Vendor) | N/A | Revision | 1.0 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 10 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| A vulnerability in the implementation of Simple Network Management Protocol (SNMP) functionality in Cisco Small Business 220 Series Smart Plus (Sx220) Switches could allow an unauthenticated, remote attacker to gain unauthorized access to SNMP objects on an affected device. The vulnerability is due to the presence of a default SNMP community string that is added during device installation and cannot be deleted. An attacker could exploit this vulnerability by using the default SNMP community string to access SNMP objects on an affected device. A successful exploit could allow the attacker to view and modify SNMP objects on a targeted device. Cisco has released firmware updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-sps3 BEGIN PGP SIGNATURE Version: GnuPG v1.4.5 (SunOS) iQIVAwUBV8RIrK89gD3EAJB5AQLthg/9H31fSwIZPl77TIHr22TNxJxUro4RCWic mN8tfm4DidmQOL8z9KKtWUH+bTuHJG7jN0JMHrON74IGzJabGaH3cGqCnYpePIrg kgJCSkv9nnjlSGADEpCFg5uQ7dCpSCLbGJDRcQ7fY1Dfbu5WBpdNd2nUJo52+k5F ZEQxlSrdWqu/ki0NYCUamEg0PeUslwmSUr2FxQqD3qqb/Hqbm7cKNj2bkAn9ahna J/bJjKIgwj9/l8S6cQZXydgPucH6rhLRGQJ3LrVyvkUbN8zTC7fYslSjvmOe0t/x bZsgdp6pARZSfdOvoGgnpayPlVSFlS80ourZ5H9Km/mbvDT/4Er+hyPO7so5R0en 5FKUmoTiu3rUrQHdq4lfGO+PZ6QX8f3vWbmRcYPSNFKZEddiNPo3SAXBieLmyD0N ocDEmpNg0KJWspkHLfkYav/ET4U+f0EfEwcDzYvg8GRDC/AKyh5p2aSGBe0m+rvj 91fq4Xoh3LDSc7Fb50k3Ky34ghZ9rbBIAWkQFRrF206cEjukL4BDcBB9bBlf70A2 uvbK8mx+jxEYm6uBmcI1swsAy0B/UwvBhkI1bmn7qoNwjg9uYev1k4+8qD8hsbg/ QJBOWROIB+EccA3/aO7vXeBuP4XrPY8Ud5w05FG4RrWYWikMf/4TP84vXV0lZ14D Wt5Q3gIkvJ4= =Jk1q END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com |
Original Source
| Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-200 | Information Exposure |
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 3 |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2005-11-03 | Name : Check default community names of the SNMP Agent File : nvt/snmp_default_communities.nasl |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2016-09-01 | Cisco SG200 Series SNMP request via undocumented community string attempt RuleID : 39994 - Revision : 1 - Type : PROTOCOL-SNMP |
Alert History
| Date | Informations |
|---|---|
| 2017-09-25 21:23:35 |
|
| 2016-09-02 17:26:01 |
|
| 2016-09-02 09:23:13 |
|
| 2016-08-31 21:25:26 |
|
