|
Cisco IP/VC 3500 Series Hard-Coded SNMP Community Strings
|
|
Secunia Advisory:
|
SA14122
|
|
|
Release Date:
|
2005-02-03
|
|
Last Update:
|
2005-03-03
|
|
Popularity:
|
7,875 views
|
|
|
Critical:
|
Moderately critical
|
|
Impact:
|
Manipulation of data
Exposure of system information
Exposure of sensitive information
|
|
Where:
|
From local network
|
|
Solution Status:
|
Vendor Workaround
|
|
| OS: | Cisco IP/VC 3500 Series
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities 
|
|
| CVE reference: | CVE-2005-0612
|
|
Description:
A security issue has been reported in some Cisco IP/VC Videoconferencing System models, which can be exploited by malicious people to read or manipulate configuration information.
The problem is caused due to hard-coded SNMP (Simple Network Management Protocol) community strings, which may grant anyone with knowledge of these control over an affected IP/VC device.
The security issue affects the following products:
* Cisco IPVC-3510-MCU
* Cisco IPVC-3520-GW-2B
* Cisco IPVC-3520-GW-4B
* Cisco IPVC-3520-GW-2V
* Cisco IPVC-3520-GW-4V
* Cisco IPVC-3520-GW-2B2V
* Cisco IPVC-3525-GW-1P
* Cisco IPVC-3530-VTA
Solution:
The vendor recommends blocking SNMP traffic (ports 161/udp and 162/udp) to affected devices.
Provided and/or discovered by:
Reported by vendor.
Changelog:
2005-03-03: Added CVE reference.
Original Advisory:
http://www.cisco.com/warp/public/707/cisco-sa-20050202-ipvc.shtml
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
