Vulnerability Note VU#472412
Cisco Catalyst Systems with a NAM may allow system access via spoofing the SNMP communication
A vulnerabilty in Cisco Catalyst Systems that have a Network Analysis Module (NAM) installed may allow a remote, unauthenticated attacker to gain complete control of this device.
Cisco Catalyst 6000, 6500, and Cisco 7600 series switches may utilize Cisco's NAM to monitor and analyze network traffic using Management Information Bases (MIBs). Cisco Catalyst 6000, 6500 and Cisco 7600 series switches that have a NAM installed contain a vulnerability in the way SNMP packets are handled. According to Cisco Security Advisory: cisco-sa-20070228-nam:
NAMs communicate with the Catalyst system by using the Simple Network Management Protocol (SNMP). By spoofing the SNMP communication between the Catalyst system and the NAM an attacker may obtain complete control of the Catalyst system.
Note that only Cisco Catalyst 6000, 6500 and Cisco 7600 series systems with a NAM on them are affected by this issue. According to Cisco, none of their other products, including the Network Analysis Modules for Cisco Branch Routers (NM-NAM), are affected by this issue .
By successfully exploiting this vulnerability, an attacker may gain complete control of the device.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Cisco Systems, Inc.||Affected||-||02 Mar 2007|
CVSS Metrics (Learn More)
This vulnerabilty was reported in Cisco Security Advisory: cisco-sa-20070228-nam.
This document was written by Chris Taschner.
- CVE IDs: Unknown
- Date Public: 28 Feb 2007
- Date First Published: 02 Mar 2007
- Date Last Updated: 22 Mar 2007
- Severity Metric: 9.37
- Document Revision: 20
If you have feedback, comments, or additional information about this vulnerability, please send us email.