Wednesday, August 31, 2016

Cisco Small Business 220 Series Smart Plus Switches SNMP Unauthorized Access Vulnerability

A vulnerability in the implementation of Simple Network Management Protocol (SNMP) functionality in Cisco Small Business 220 Series Smart Plus (Sx220) Switches could allow an unauthenticated, remote attacker to gain unauthorized access to SNMP objects on an affected device.

The vulnerability is due to the presence of a default SNMP community string that is added during device installation and cannot be deleted. An attacker could exploit this vulnerability by using the default SNMP community string to access SNMP objects on an affected device. A successful exploit could allow the attacker to view and modify SNMP objects on a targeted device.

Cisco has released firmware updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
http://ift.tt/2bH1utt A vulnerability in the implementation of Simple Network Management Protocol (SNMP) functionality in Cisco Small Business 220 Series Smart Plus (Sx220) Switches could allow an unauthenticated, remote attacker to gain unauthorized access to SNMP objects on an affected device.

The vulnerability is due to the presence of a default SNMP community string that is added during device installation and cannot be deleted. An attacker could exploit this vulnerability by using the default SNMP community string to access SNMP objects on an affected device. A successful exploit could allow the attacker to view and modify SNMP objects on a targeted device.

Cisco has released firmware updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
http://ift.tt/2bH1utt
Security Impact Rating: Critical
CVE: CVE-2016-1473

from Cisco Security Advisory http://ift.tt/2bH1utt

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.