search menu icon-carat-right cmu-wordmark

CERT Coordination Center


Cisco Industrial Ethernet 3000 Series switches have hardcoded SNMP community strings

Vulnerability Note VU#732671

Original Release Date: 2010-07-12 | Last Revised: 2010-07-12

Overview

Cisco Industrial Ethernet 3000 (IE 3000) Series switches running Cisco IOS Software releases 12.2(52)SE or 12.2(52)SE1, contain well-known, hard-coded read and write SNMP community strings. An remote attacker could take full control of a vulnerable device.

Description

Cisco Industrial Ethernet 3000 (IE 3000) Series switches running Cisco IOS Software releases 12.2(52)SE or 12.2(52)SE1, contain well-known, hard-coded read and write SNMP community strings (names). The hard-coded strings are restored to the running configuration after a device reload. The SNMP service is disabled by default.

Impact

Successful exploitation of the vulnerability could result in an attacker obtaining full control of the device.

Solution

Upgrade

According to Cisco Security Advisory cisco-sa-20100707-snmp, the first fixed IOS releases is 12.2(55)SE, currently scheduled to be available August 2010.


Disable default SNMP community strings

Cisco Security Advisory cisco-sa-20100707-snmp provides detailed information about workarounds and mitigation techniques, including manually and automatically removing SNMP community strings.

Vendor Information

732671
Expand all

Cisco Systems, Inc.

Updated:  July 12, 2010

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

Please see Cisco Security Advisory cisco-sa-20100707-snmp.

Vendor References

http://www.cisco.com/warp/public/707/cisco-sa-20100707-snmp.shtml

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.


CVSS Metrics

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A

References

Credit

Information from Secunia and Cisco was used in this document.

This document was written by Michael Orlando.

Other Information

CVE IDs: CVE-2010-1574
Severity Metric: 5.93
Date Public: 2010-07-07
Date First Published: 2010-07-12
Date Last Updated: 2010-07-12 19:26 UTC
Document Revision: 16

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.