Cisco ASR 5000 Series SNMP Community String Disclosure Vulnerability

A vulnerability in SNMP configuration management in the Cisco ASR 5000 Series could allow an unauthenticated, remote attacker to read and modify the device configuration using an SNMP read-write community string.

The vulnerability occurs because the configured SNMP community string is not confidential. An attacker could perform an SNMP query to the affected device to view the SNMP community string. An exploit could allow the attacker to read and modify the device configuration using the disclosed SNMP read-write community string.

Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.

This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160713-asr[“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160713-asr”]