ID CVE-2008-3807
Summary Cisco IOS 12.2 and 12.3 on Cisco uBR10012 series devices, when linecard redundancy is configured, enables a read/write SNMP service with "private" as the community, which allows remote attackers to obtain administrative access by guessing this community and sending SNMP requests.
References
Vulnerable Configurations
  • cpe:2.3:h:cisco:ios:12.3bc
  • cpe:2.3:h:cisco:ios:12.2bc
  • cpe:2.3:h:cisco:ios:12.2cx
  • cpe:2.3:h:cisco:ios:12.2cy
  • cpe:2.3:h:cisco:ios:12.2xf
CVSS
Base: 9.3 (as of 29-09-2008 - 16:21)
Impact:
Exploitability:
CWE CWE-16
CAPEC
Access
Vector Complexity Authentication
NETWORK MEDIUM NONE
Impact
Confidentiality Integrity Availability
COMPLETE COMPLETE COMPLETE
nessus via4
NASL family CISCO
NASL id CISCO-SA-20080924-UBRHTTP.NASL
description Cisco uBR10012 series devices automatically enable Simple Network Management Protocol (SNMP) read/write access to the device if configured for linecard redundancy. This can be exploited by an attacker to gain complete control of the device. Only Cisco uBR10012 series devices that are configured for linecard redundancy are affected. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.
last seen 2019-02-21
modified 2018-11-15
plugin id 49027
published 2010-09-01
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=49027
title Cisco uBR10012 Series Devices SNMP Vulnerability - Cisco Systems
oval via4
accepted 2008-12-22T04:00:07.706-05:00
class vulnerability
contributors
name Yuzheng Zhou
organization Hewlett-Packard
description Cisco IOS 12.2 and 12.3 on Cisco uBR10012 series devices, when linecard redundancy is configured, enables a read/write SNMP service with "private" as the community, which allows remote attackers to obtain administrative access by guessing this community and sending SNMP requests.
family ios
id oval:org.mitre.oval:def:5452
status accepted
submitted 2008-09-24T11:06:36.000-04:00
title Cisco uBR10012 Series Devices SNMP Vulnerability
version 6
refmap via4
cisco 20080924 Cisco uBR10012 Series Devices SNMP Vulnerability
sectrack 1020941
secunia 31990
vupen ADV-2008-2670
Last major update 29-10-2012 - 23:15
Published 26-09-2008 - 12:21
Last modified 28-09-2017 - 21:31