Design/Logic Flaw

2016-02-1822:59:00

PRIOn knowledge base

www.prio-n.com

6.8 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

54.1%

JSON

The password-sync feature on Belden Hirschmann Classic Platform switches L2B before 05.3.07 and L2E, L2P, L3E, and L3P before 09.0.06 sets an SNMP community to the same string as the administrator password, which allows remote attackers to obtain sensitive information by sniffing the network.

CPENameOperatorVersion
hirschmann_firmwareeq05.3.06
hirschmann_firmwarele09.0.05

CPE	Name	Operator	Version
	hirschmann_firmware	eq	05.3.06
	hirschmann_firmware	le	09.0.05

References

www.kb.cert.org/vuls/id/507216

www.belden.com/resourcecenter/security/upload/Belden_Security_Advisory_BSECV-2016-2_1v0.pdf