Secunia Logo
Netsikker nu! 2008
 
Cisco Products SNMPv3 Two Vulnerabilities
Secunia Advisory: SA30612
Release Date: 2008-06-11
Popularity: 5,602 views

Critical:
Moderately critical
Impact: Spoofing
Where: From local network
Solution Status: Vendor Patch

OS:Cisco Application Control Engine (ACE) Appliance
Cisco Application Control Engine (ACE) XML Gateway
Cisco CATOS 6.x
Cisco CATOS 7.x
Cisco CATOS 8.x
Cisco IOS 12.x
Cisco IOS R12.x
Cisco IOS XR 3.x
Cisco NX-OS 4.x
Cisco SAN-OS 2.x (MDS 9000 Switches)
Cisco SAN-OS 3.x (MDS 9000 Switches)

Software:Cisco Application Control Engine (ACE) Module

Subscribe: Instant alerts on relevant vulnerabilities

CVE reference:CVE-2008-0960


Description:
Two vulnerabilities have been reported in various Cisco products, which can be exploited by malicious people to spoof authenticated SNMPv3 packets.

The vulnerabilities are caused due to errors in the authentication code of multiple SNMPv3 implementations and can be exploited via specially crafted SNMPv3 packets using HMAC-MD5-96 or HMAC-SHA-96 as authentication protocol.

Successful exploitation allows to disclose certain network information or make configuration changes on a vulnerable device, but requires that the SNMP server is enabled (disabled by default).

This is related to:
SA30574

The vulnerabilities are reported in the following products:
* Cisco IOS
* Cisco IOS-XR
* Cisco Catalyst Operating System (CatOS)
* Cisco NX-OS
* Cisco Application Control Engine (ACE) Module
* Cisco ACE Appliance
* Cisco ACE XML Gateway
* Cisco MDS 9000 Series Multilayer Fabric Switches

Solution:
Update to fixed versions (please see vendor advisory for details).

Provided and/or discovered by:
The vendor credits Dr. Tom Dunigan of the University of Tennessee and Net-SNMP.

Original Advisory:
http://www.cisco.com/warp/public/707/cisco-sa-20080610-snmpv3.shtml

Other References:
SA30574:
http://secunia.com/advisories/30574/


Track this Secunia Advisory
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.

Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.

About this Secunia Advisory
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.

Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
  
Latest Advisories

Send Feedback to Secunia
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.

Ideas, suggestions, and other feedback are most welcome.

Most Popular - 3 Hours

1. Subdreamer Light Global Variables SQL Injection Vulnerability // 31 views
2. Trend Micro ServerProtect Multiple Buffer Overflow Vulnerabilities // 30 views
3. CA ARCserve Backup Multiple Vulnerabilities // 24 views
4. Sun Java System Web Proxy Server FTP Subsystem Buffer Overflow // 24 views
5. PluggedOut Blog "index.php" SQL Injection Vulnerabilities // 24 views
6. Apple Mac OS X Security Update Fixes Multiple Vulnerabilities // 21 views
7. PHP Real Estate Classifieds "id" SQL Injection // 19 views
8. Journalness "last_module" PHP Code Execution // 18 views
9. GNUBoard "doc" Parameter Arbitrary File Inclusion Vulnerability // 18 views
10. ScriptsEz Easy Image Downloader "id" File Disclosure Vulnerability // 17 views