Executive Summary

Title Cisco Small Business 220 Series Smart Plus Switches SNMP Unauthorized Access Vulnerability
Name cisco-sa-20160831-sps3 First vendor Publication 2016-08-31
Vendor Cisco Last vendor Modification 2016-08-31
Severity (Vendor) N/A Revision 1.0

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores


A vulnerability in the implementation of Simple Network Management Protocol (SNMP) functionality in Cisco Small Business 220 Series Smart Plus (Sx220) Switches could allow an unauthenticated, remote attacker to gain unauthorized access to SNMP objects on an affected device.

The vulnerability is due to the presence of a default SNMP community string that is added during device installation and cannot be deleted. An attacker could exploit this vulnerability by using the default SNMP community string to access SNMP objects on an affected device. A successful exploit could allow the attacker to view and modify SNMP objects on a targeted device.

Cisco has released firmware updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-sps3

BEGIN PGP SIGNATURE Version: GnuPG v1.4.5 (SunOS)

iQIVAwUBV8RIrK89gD3EAJB5AQLthg/9H31fSwIZPl77TIHr22TNxJxUro4RCWic mN8tfm4DidmQOL8z9KKtWUH+bTuHJG7jN0JMHrON74IGzJabGaH3cGqCnYpePIrg kgJCSkv9nnjlSGADEpCFg5uQ7dCpSCLbGJDRcQ7fY1Dfbu5WBpdNd2nUJo52+k5F ZEQxlSrdWqu/ki0NYCUamEg0PeUslwmSUr2FxQqD3qqb/Hqbm7cKNj2bkAn9ahna J/bJjKIgwj9/l8S6cQZXydgPucH6rhLRGQJ3LrVyvkUbN8zTC7fYslSjvmOe0t/x bZsgdp6pARZSfdOvoGgnpayPlVSFlS80ourZ5H9Km/mbvDT/4Er+hyPO7so5R0en 5FKUmoTiu3rUrQHdq4lfGO+PZ6QX8f3vWbmRcYPSNFKZEddiNPo3SAXBieLmyD0N ocDEmpNg0KJWspkHLfkYav/ET4U+f0EfEwcDzYvg8GRDC/AKyh5p2aSGBe0m+rvj 91fq4Xoh3LDSc7Fb50k3Ky34ghZ9rbBIAWkQFRrF206cEjukL4BDcBB9bBlf70A2 uvbK8mx+jxEYm6uBmcI1swsAy0B/UwvBhkI1bmn7qoNwjg9uYev1k4+8qD8hsbg/ QJBOWROIB+EccA3/aO7vXeBuP4XrPY8Ud5w05FG4RrWYWikMf/4TP84vXV0lZ14D Wt5Q3gIkvJ4= =Jk1q END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com

Original Source

Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...)

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-200 Information Exposure

CPE : Common Platform Enumeration

Application 3

OpenVAS Exploits

Date Description
2005-11-03 Name : Check default community names of the SNMP Agent
File : nvt/snmp_default_communities.nasl

Snort® IPS/IDS

Date Description
2016-09-01 Cisco SG200 Series SNMP request via undocumented community string attempt
RuleID : 39994 - Revision : 1 - Type : PROTOCOL-SNMP

Alert History

If you want to see full details history, please login or register.
Date Informations
2017-09-25 21:23:35
  • Multiple Updates
2016-09-02 17:26:01
  • Multiple Updates
2016-09-02 09:23:13
  • Multiple Updates
2016-08-31 21:25:26
  • First insertion