10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.971 High
EPSS
Percentile
99.8%
Multiple Cisco products contain either of two authentication
vulnerabilities in the Simple Network Management Protocol version 3 (SNMPv3)
feature. These vulnerabilities can be exploited when processing a malformed
SNMPv3 message. These vulnerabilities could allow the disclosure of network
information or may enable an attacker to perform configuration changes to
vulnerable devices. The SNMP server is an optional service that is disabled by
default in Cisco products. Only SNMPv3 is impacted by these vulnerabilities.
Workarounds are available for mitigating the impact of the vulnerabilities
described in this document.
Note: SNMP versions 1, 2 and 2c are not impacted by these vulnerabilities.
The United States Computer Emergency Response Team (US-CERT) has
assigned Vulnerability Note
VU#878044[“http://www.kb.cert.org/vuls/id/878044”]
to these vulnerabilities.
Common Vulnerabilities and Exposures (CVE) identifier
CVE-2008-0960[“http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0960”]
has also been assigned to these
vulnerabilities.
This advisory is posted at
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20080610-snmpv3[“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20080610-snmpv3”].