Vulnerability Note VU#732671

Cisco Industrial Ethernet 3000 Series switches have hardcoded SNMP community strings

Overview

Cisco Industrial Ethernet 3000 (IE 3000) Series switches running Cisco IOS Software releases 12.2(52)SE or 12.2(52)SE1 contain well-known, hard-coded read and write SNMP community strings. A remote attacker could take full control of a vulnerable device.

I. Description

Cisco Industrial Ethernet 3000 (IE 3000) Series switches running Cisco IOS Software releases 12.2(52)SE or 12.2(52)SE1 contain well-known, hard-coded read and write SNMP community strings (names). The hard-coded strings are restored to the running configuration after a device reload. The SNMP service is disabled by default.

II. Impact

Successful exploitation of the vulnerability could result in an attacker obtaining full control of the device.

III. Solution

Upgrade

According to Cisco Security Advisory cisco-sa-20100707-snmp, the first fixed IOS release is 12.2(55)SE, currently scheduled to be available August 2010.
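
The conditions described above can be checked against saved device output. The following is an added example, not part of the original note or of any Cisco tooling: it assumes the captures come from an IE 3000 switch, and the function name audit, the sample text and the community names are constructed for illustration.

```python
import re

# Affected releases exactly as listed in this note.
AFFECTED_RELEASES = {"12.2(52)SE", "12.2(52)SE1"}
VERSION_RE = re.compile(r"\bVersion\s+([^\s,]+)")

def audit(show_version: str, running_config: str) -> dict:
    """Report whether a saved IE 3000 capture matches the conditions in this note."""
    match = VERSION_RE.search(show_version)
    release = match.group(1) if match else None
    modes = []
    # The note says the strings are restored to the running configuration
    # after a reload, so audit running-config captured after the last reload.
    for line in running_config.splitlines():
        tokens = line.split()
        if len(tokens) >= 3 and tokens[:2] == ["snmp-server", "community"]:
            options = [t.upper() for t in tokens[3:]]
            modes.append("RW" if "RW" in options else "RO")  # IOS defaults to read-only
    affected = release in AFFECTED_RELEASES
    return {
        "release": release,
        "affected_release": affected,
        "community_modes": modes,  # access modes only; the strings are not echoed
        "needs_action": affected and bool(modes),
    }

# Constructed sample captures (not real device output).
SAMPLE_VERSION = "Cisco IOS Software, Version 12.2(52)SE1, RELEASE SOFTWARE\n"
SAMPLE_CONFIG = """\
hostname ie3000-lab
snmp-server community EXAMPLE-RO RO
snmp-server community EXAMPLE-RW RW
"""

if __name__ == "__main__":
    print(audit(SAMPLE_VERSION, SAMPLE_CONFIG))
```

A device on an affected release with no community lines reports needs_action as False, which matches the note's statement that the SNMP service is disabled by default.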

References

http://secunia.com/advisories/40407/

Information from Secunia and Cisco was used in this document.

This document was written by Michael Orlando.

If you have feedback, comments, or additional information about this vulnerability, please send us email.