fkie_cve-2010-1574
Vulnerability from fkie_nvd
Published
2010-07-08 18:30
Modified
2025-04-11 00:51
Severity ?
Summary
IOS 12.2(52)SE and 12.2(52)SE1 on Cisco Industrial Ethernet (IE) 3000 series switches has (1) a community name of public for RO access and (2) a community name of private for RW access, which makes it easier for remote attackers to modify the configuration or obtain potentially sensitive information via SNMP requests, aka Bug ID CSCtf25589.
References
psirt@cisco.comhttp://osvdb.org/66120
psirt@cisco.comhttp://secunia.com/advisories/40407Vendor Advisory
psirt@cisco.comhttp://securitytracker.com/id?1024173
psirt@cisco.comhttp://www.cisco.com/en/US/products/products_security_advisory09186a0080b3891f.shtmlVendor Advisory
psirt@cisco.comhttp://www.kb.cert.org/vuls/id/732671US Government Resource
psirt@cisco.comhttp://www.securityfocus.com/bid/41436
psirt@cisco.comhttp://www.vupen.com/english/advisories/2010/1754
psirt@cisco.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/60145
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/66120
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/40407Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1024173
af854a3a-2127-422b-91ae-364da2661108http://www.cisco.com/en/US/products/products_security_advisory09186a0080b3891f.shtmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/732671US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/41436
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/1754
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/60145
Impacted products
Vendor Product Version
cisco ios 12.2\(52\)se
cisco ios 12.2\(52\)se1
cisco industrial_ethernet_3000 *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.2\\(52\\)se:*:*:*:*:*:*:*",
              "matchCriteriaId": "5898745E-C1D3-4D0E-8476-2EEAA4327B5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.2\\(52\\)se1:*:*:*:*:*:*:*",
              "matchCriteriaId": "887C5632-F3F7-4EDB-A065-D81F64A9B15C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:industrial_ethernet_3000:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B991E20-4BDF-4B0E-AEAA-C74115F78EB9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IOS 12.2(52)SE and 12.2(52)SE1 on Cisco Industrial Ethernet (IE) 3000 series switches has (1) a community name of public for RO access and (2) a community name of private for RW access, which makes it easier for remote attackers to modify the configuration or obtain potentially sensitive information via SNMP requests, aka Bug ID CSCtf25589."
    },
    {
      "lang": "es",
      "value": "IOS v12.2(52)SE y v12.2(52)SE1 en switches Cisco Industrial Ethernet (IE) 3000 series tiene (1) un nombre de comunidad p\u00fablico con acceso RO y (2) un nombre de comunidad privado de acceso RW, lo que hace m\u00e1s f\u00e1cil para los atacantes remotos modificar la configuraci\u00f3n u obtener informaci\u00f3n sensible a trav\u00e9s de peticiones SNMP, tambi\u00e9n conocido como Bug ID CSCtf25589."
    }
  ],
  "id": "CVE-2010-1574",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-07-08T18:30:00.827",
  "references": [
    {
      "source": "psirt@cisco.com",
      "url": "http://osvdb.org/66120"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/40407"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://securitytracker.com/id?1024173"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b3891f.shtml"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/732671"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securityfocus.com/bid/41436"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.vupen.com/english/advisories/2010/1754"
    },
    {
      "source": "psirt@cisco.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60145"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/66120"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/40407"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1024173"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b3891f.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/732671"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/41436"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2010/1754"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60145"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.