Cisco ASR 5000 Series SNMP Community String Disclosure Vulnerability

cisco-sa-20160713-asr · Medium · Published 9 years ago · Updated 9 years ago

Data: Cisco advisories 1 day ago · Cisco CSAF 4 hours ago · NVD CVEs 7 hours ago · NVD CPEs 1 day ago · CISA KEV 1 day ago · EPSS 1 day ago

A vulnerability in SNMP configuration management in the Cisco ASR 5000 Series could allow an unauthenticated, remote attacker to read and modify the device configuration using an SNMP read-write community string. The vulnerability occurs because the configured SNMP community string is not confidential. An attacker could perform an SNMP query to the affected device to view the SNMP community string. An exploit could allow the attacker to read and modify the device configuration using the disclosed SNMP read-write community string. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160713-asr

Cisco advisory ·CSAF JSON

Workarounds

Workarounds are not available.

CVEs	CVE-2016-1452
Cisco Bug IDs	CSCuz29526
CVSS Score	Base 4.0 Base 4.0 AV:N/AC:L/Au:S/C:P/I:N/A:N/E:F/RL:OF/RC:C

Products with public affected evidence

Product	CVE	Affected evidence
Cisco ASR 5000 Series Software	CVE-2016-1452	structured affected CSAF product_status