Vulnslist

find the latest Cisco vulnerabilities

Cisco Small Business 220 Series Smart Plus Switches SNMP Unauthorized Access Vulnerability

cisco-sa-20160831-sps3 · Critical · Published · Updated

A vulnerability in the implementation of Simple Network Management Protocol (SNMP) functionality in Cisco Small Business 220 Series Smart Plus (Sx220) Switches could allow an unauthenticated, remote attacker to gain unauthorized access to SNMP objects on an affected device. The vulnerability is due to the presence of a default SNMP community string that is added during device installation and cannot be deleted. An attacker could exploit this vulnerability by using the default SNMP community string to access SNMP objects on an affected device. A successful exploit could allow the attacker to view and modify SNMP objects on a targeted device. Cisco has released firmware updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-sps3

Cisco advisory ·CSAF JSON

Workarounds

There are no workarounds that address this vulnerability.

CVEsCVE-2016-1473
Cisco Bug IDsCSCuz76216
CVSS ScoreBase 10.0
Base 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C
Product Names From Source
Cisco Small Business 220 Series Smart Plus Switches

CSAF Product Statuses

Product Status Source CVE Rows
Cisco Small Business 220 Series Smart Plus Switches known_affected cisco_csaf CVE-2016-1473 1

Related Products

Product CVE Evidence
Cisco Small Business 220 Series Smart Plus Switches CVE-2016-1473 Cisco CSAF
Cisco Business 220 Series Switches CVE-2016-1473 Cisco OpenVuln
Cisco Small Business 220 Series Smart Switches CVE-2016-1473 Cisco OpenVuln