Cisco IP/VC 3500 Series Default Persistent SNMP Community String

2005-02-02T05:06:37
ID OSVDB:13442
Type osvdb
Reporter OSVDB
Modified 2005-02-02T05:06:37

Description

Vulnerability Description

Cisco IPVC 3500 Series contains a flaw that may allow a system compromise. The issue is triggered by default persistant SNMP community strings on the devices. It is possible that the flaw may allow a remote attacker to gain full control over the device, resulting in a loss of integrity.

Solution Description

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s): block and/or filter SNMP traffic on the switch port the vulnerable device is plugged into or at the nearest device closest to the vulnerable IPVC device.

Short Description

Cisco IPVC 3500 Series contains a flaw that may allow a system compromise. The issue is triggered by default persistant SNMP community strings on the devices. It is possible that the flaw may allow a remote attacker to gain full control over the device, resulting in a loss of integrity.

References:

Vendor URL: http://www.cisco.com/ Security Tracker: 1013067 Secunia Advisory ID:14122 Other Advisory URL: http://www.cisco.com/warp/public/707/cisco-sa-20050202-ipvc.shtml Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-01/0958.html CVE-2005-0612