CISCO : Cisco Small Business 220 Series Smart Plus Switches SNMP Unauthorized Access Vulnerability (cisco-sa-20160831-sps3)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.106241

Categoría: CISCO

Título: Cisco Small Business 220 Series Smart Plus Switches SNMP Unauthorized Access Vulnerability (cisco-sa-20160831-sps3)

Resumen: A vulnerability in the implementation of SNMP functionality in Cisco; Small Business 220 Series Smart Plus (Sx220) Switches could allow an unauthenticated, remote attacker to; gain unauthorized access to SNMP objects on an affected device.

Descripción: Summary:
A vulnerability in the implementation of SNMP functionality in Cisco
Small Business 220 Series Smart Plus (Sx220) Switches could allow an unauthenticated, remote attacker to
gain unauthorized access to SNMP objects on an affected device.

Vulnerability Insight:
The vulnerability is due to the presence of a default SNMP community
string that is added during device installation and cannot be deleted. An attacker could exploit this
vulnerability by using the default SNMP community string to access SNMP objects on an affected device.

Vulnerability Impact:
A successful exploit could allow the attacker to view and modify SNMP
objects on a targeted device.

Affected Software/OS:
Cisco Small Business 220 Series Smart Plus (Sx220) Switches running
firmware release 1.0.0.17, 1.0.0.18, or 1.0.0.19.

Solution:
Upgrade to firmware release 1.0.1.1.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-1999-0517
https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0517
Common Vulnerability Exposure (CVE) ID: CVE-2016-1473
BugTraq ID: 92710
http://www.securityfocus.com/bid/92710
Cisco Security Advisory: 20160831 Cisco Small Business 220 Series Smart Plus Switches SNMP Unauthorized Access Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-sps3
http://www.synacktiv.com/ressources/advisories_cisco_switch_sg220_default_snmp.pdf
http://www.securitytracker.com/id/1036711

Copyright Copyright (C) 2016 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.106241
Categoría:	CISCO
Título:	Cisco Small Business 220 Series Smart Plus Switches SNMP Unauthorized Access Vulnerability (cisco-sa-20160831-sps3)
Resumen:	A vulnerability in the implementation of SNMP functionality in Cisco; Small Business 220 Series Smart Plus (Sx220) Switches could allow an unauthenticated, remote attacker to; gain unauthorized access to SNMP objects on an affected device.
Descripción:	Summary: A vulnerability in the implementation of SNMP functionality in Cisco Small Business 220 Series Smart Plus (Sx220) Switches could allow an unauthenticated, remote attacker to gain unauthorized access to SNMP objects on an affected device. Vulnerability Insight: The vulnerability is due to the presence of a default SNMP community string that is added during device installation and cannot be deleted. An attacker could exploit this vulnerability by using the default SNMP community string to access SNMP objects on an affected device. Vulnerability Impact: A successful exploit could allow the attacker to view and modify SNMP objects on a targeted device. Affected Software/OS: Cisco Small Business 220 Series Smart Plus (Sx220) Switches running firmware release 1.0.0.17, 1.0.0.18, or 1.0.0.19. Solution: Upgrade to firmware release 1.0.1.1. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-1999-0517 https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0517 Common Vulnerability Exposure (CVE) ID: CVE-2016-1473 BugTraq ID: 92710 http://www.securityfocus.com/bid/92710 Cisco Security Advisory: 20160831 Cisco Small Business 220 Series Smart Plus Switches SNMP Unauthorized Access Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-sps3 http://www.synacktiv.com/ressources/advisories_cisco_switch_sg220_default_snmp.pdf http://www.securitytracker.com/id/1036711
Copyright	Copyright (C) 2016 Greenbone AG