Executive Summary
Summary | |
---|---|
Title | Cisco Industrial Ethernet 3000 Series switches have hardcoded SNMP community strings |
Information | |||
---|---|---|---|
Name | VU#732671 | First vendor Publication | 2010-07-12 |
Vendor | VU-CERT | Last vendor Modification | 2010-07-12 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Vulnerability Note VU#732671
Cisco Industrial Ethernet 3000 Series switches have hardcoded SNMP community strings

Overview
Cisco Industrial Ethernet 3000 (IE 3000) Series switches running Cisco IOS Software releases 12.2(52)SE or 12.2(52)SE1 contain well-known, hard-coded read and write SNMP community strings. A remote attacker could take full control of a vulnerable device.

I. Description
Cisco Industrial Ethernet 3000 (IE 3000) Series switches running Cisco IOS Software releases 12.2(52)SE or 12.2(52)SE1 contain well-known, hard-coded read and write SNMP community strings (names). The hard-coded strings are restored to the running configuration after a device reload. The SNMP service is disabled by default.

II. Impact
Successful exploitation of the vulnerability could result in an attacker obtaining full control of the device.

III. Solution
Upgrade
According to Cisco Security Advisory cisco-sa-20100707-snmp, the first fixed IOS release is 12.2(55)SE, currently scheduled to be available August 2010.

References
http://secunia.com/advisories/40407/

Information from Secunia and Cisco was used in this document. This document was written by Michael Orlando.
Original Source
Url : http://www.kb.cert.org/vuls/id/732671 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-264 | Permissions, Privileges, and Access Controls |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Hardware | | 1 |
Os | | 2 |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
66120 | Cisco IOS on Industrial Ethernet 3000 Hardcoded SNMP Community Names |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2002-11-25 | Name : The community names of the remote SNMP server can be guessed. File : snmp_default_communities.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2015-09-22 13:24:28 | |
2013-05-11 00:57:20 | |