Vulnerability Note VU#732671
Cisco Industrial Ethernet 3000 Series switches have hardcoded SNMP community strings
Cisco Industrial Ethernet 3000 (IE 3000) Series switches running Cisco IOS Software releases 12.2(52)SE or 12.2(52)SE1, contain well-known, hard-coded read and write SNMP community strings. An remote attacker could take full control of a vulnerable device.
Cisco Industrial Ethernet 3000 (IE 3000) Series switches running Cisco IOS Software releases 12.2(52)SE or 12.2(52)SE1, contain well-known, hard-coded read and write SNMP community strings (names). The hard-coded strings are restored to the running configuration after a device reload. The SNMP service is disabled by default.
Successful exploitation of the vulnerability could result in an attacker obtaining full control of the device.
According to Cisco Security Advisory cisco-sa-20100707-snmp, the first fixed IOS releases is 12.2(55)SE, currently scheduled to be available August 2010.
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Cisco Systems, Inc.||Affected||-||12 Jul 2010|
CVSS Metrics (Learn More)
Information from Secunia and Cisco was used in this document.
This document was written by Michael Orlando.
- CVE IDs: CVE-2010-1574
- Date Public: 07 Jul 2010
- Date First Published: 12 Jul 2010
- Date Last Updated: 12 Jul 2010
- Severity Metric: 5.93
- Document Revision: 16
If you have feedback, comments, or additional information about this vulnerability, please send us email.