SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Device (Multimedia)  >   Cisco IP/VC Vendors:   Cisco
Cisco IP/VC Hard-Coded SNMP Community Strings Let Remote Users Access the Device
SecurityTracker Alert ID:  1013067
SecurityTracker URL:  http://securitytracker.com/id/1013067
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Feb 2 2005
Impact:   Disclosure of system information, Disclosure of user information, Modification of system information, Modification of user information, User access via network
Vendor Confirmed:  Yes  
Version(s): Models 3510, 3520, 3525 and 3530
Description:   A vulnerability was reported in Cisco's IP/VC videoconferencing products. A remote user can gain access to the system using common default SNMP community strings.

Cisco reported that models 3510, 3520, 3525 and 3530 use default, hard-coded SNMP community strings. A remote user with knowledge of the strings can obtain complete control of the device.

The following specific model numbers are affected:

- Cisco IPVC-3510-MCU
- Cisco IPVC-3520-GW-2B
- Cisco IPVC-3520-GW-4B
- Cisco IPVC-3520-GW-2V
- Cisco IPVC-3520-GW-4V
- Cisco IPVC-3520-GW-2B2V
- Cisco IPVC-3525-GW-1P
- Cisco IPVC-3530-VTA

Cisco has not assigned a Cisco bug ID number to this flaw.

Impact:   A remote user can gain control of the target device.
Solution:   Cisco will not provide a fix for this vulnerability. Instead, Cisco has described a workaround in their advisory, available at:

http://www.cisco.com/public/technotes/cisco-sa-20050202-ipvc.shtml

The workaround involves disabling SNMP traffic at the switch port that is connected to the affected device.

Vendor URL:  www.cisco.com/public/technotes/cisco-sa-20050202-ipvc.shtml (Links to External Site)
Cause:   Authentication error, Configuration error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC