CVSS2: 10 High (AV:N/AC:L/Au:N/C:C/I:C/A:C)

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |

EPSS: 0.015 Low (Percentile: 86.9%)
Cisco Industrial Ethernet 3000 (IE 3000) Series switches running Cisco IOS Software releases 12.2(52)SE or 12.2(52)SE1 contain well-known, hard-coded read and write SNMP community strings. A remote attacker could take full control of a vulnerable device.
Cisco Industrial Ethernet 3000 (IE 3000) Series switches running Cisco IOS Software releases 12.2(52)SE or 12.2(52)SE1 contain well-known, hard-coded read and write SNMP community strings (names). The hard-coded strings are restored to the running configuration after a device reload. The SNMP service is disabled by default.
Successful exploitation of the vulnerability could result in an attacker obtaining full control of the device.
Upgrade
According to Cisco Security Advisory cisco-sa-20100707-snmp, the first fixed IOS release is 12.2(55)SE, currently scheduled to be available in August 2010.
Disable default SNMP community strings
Cisco Security Advisory cisco-sa-20100707-snmp provides detailed information about workarounds and mitigation techniques, including manually and automatically removing SNMP community strings.
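Because the strings return to the running configuration after a reload, checking the saved configuration alone is not enough. The following triage sketch is an added example, not code from this note or from Cisco: it reads `show version` output plus the startup and running configurations and reports community entries that exist only in the running configuration. The banner line and the community names `EXAMPLE-RO`, `EXAMPLE-RW` and `site-monitor` are constructed placeholders, not the actual hard-coded strings.

```python
import re

# Affected releases as listed in this note; 12.2(55)SE is the first fixed one.
AFFECTED_RELEASES = {"12.2(52)SE", "12.2(52)SE1"}
VERSION_RE = re.compile(r"Version\s+(\d+\.\d+\([0-9a-z]+\)[A-Z0-9]*)")

def parse_release(show_version):
    """Pull the IOS release string out of 'show version' output."""
    m = VERSION_RE.search(show_version)
    return m.group(1) if m else None

def communities(config):
    """Map community name -> (mode, acl) from 'snmp-server community' lines."""
    found = {}
    for line in config.splitlines():
        tok = line.split()
        if tok[:2] != ["snmp-server", "community"] or len(tok) < 3:
            continue  # also skips 'no snmp-server community ...'
        rest = tok[3:]
        if rest[:1] == ["view"]:          # optional 'view <name>'
            rest = rest[2:]
        mode = "RO"                       # IOS default when no keyword is given
        if rest and rest[0].upper() in ("RO", "RW"):
            mode, rest = rest[0].upper(), rest[1:]
        found[tok[2]] = (mode, rest[0] if rest else None)
    return found

def triage(show_version, running, startup):
    """Flag affected releases and communities that appear only after reload."""
    release = parse_release(show_version)
    run, start = communities(running), communities(startup)
    return {
        "release": release,
        "affected": release in AFFECTED_RELEASES,
        # In running-config but never saved: candidates for reload-restored strings.
        "restored_after_reload": sorted(set(run) - set(start)),
        "writable": sorted(c for c, (mode, _) in run.items() if mode == "RW"),
        "no_acl": sorted(c for c, (_, acl) in run.items() if acl is None),
    }

# Constructed sample input; EXAMPLE-RO / EXAMPLE-RW are placeholders, not the real strings.
SHOW_VERSION = "Cisco IOS Software, Version 12.2(52)SE1, RELEASE SOFTWARE"
STARTUP = "snmp-server community site-monitor RO 10\n"
RUNNING = STARTUP + ("snmp-server community EXAMPLE-RO RO\n"
                     "snmp-server community EXAMPLE-RW RW\n")

if __name__ == "__main__":
    print(triage(SHOW_VERSION, RUNNING, STARTUP))
```

Run it against configurations captured after a reload, since that is when the restored entries reappear.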
732671
Updated: July 12, 2010
Affected
We have not received a statement from the vendor.
Please see Cisco Security Advisory cisco-sa-20100707-snmp.
Information from Secunia and Cisco was used in this document.
This document was written by Michael Orlando.
CVE IDs: | CVE-2010-1574 |
---|---|
Severity Metric: | 5.93 |
Date Public: | |