Overview
Cisco Industrial Ethernet 3000 (IE 3000) Series switches running Cisco IOS Software releases 12.2(52)SE or 12.2(52)SE1 contain well-known, hard-coded read and write SNMP community strings. A remote attacker could take full control of a vulnerable device.
Description
Cisco Industrial Ethernet 3000 (IE 3000) Series switches running Cisco IOS Software releases 12.2(52)SE or 12.2(52)SE1 contain well-known, hard-coded read and write SNMP community strings (names). The hard-coded strings are restored to the running configuration after a device reload. The SNMP service is disabled by default.
Impact
Successful exploitation of the vulnerability could result in an attacker obtaining full control of the device.
Solution
Upgrade
According to Cisco Security Advisory cisco-sa-20100707-snmp, the first fixed IOS release is 12.2(55)SE, currently scheduled to be available August 2010.
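A triage check for the condition described in this note, as an added example that is not part of the original note or of Cisco's advisory. It assumes `show version` and `show running-config` text captured after a reload (the note says the strings are restored at that point) and an assumed `IE-3000-` model prefix; the sample device text is constructed.

```python
import re

AFFECTED_RELEASES = {"12.2(52)SE", "12.2(52)SE1"}  # releases named in this note

VERSION_RE = re.compile(r"\bVersion\s+(\d+\.\d+\(\d+[a-z]?\)[A-Z0-9]*)")
MODEL_RE = re.compile(r"\bIE-3000-")  # assumption: model prefix in 'show version'
COMMUNITY_RE = re.compile(
    r"^[ \t]*snmp-server community (\S+)(?:[ \t]+view[ \t]+\S+)?(?:[ \t]+(RO|RW)\b)?",
    re.I | re.M)

def triage(show_version, running_config):
    """Classify one switch from its 'show version' and running-config text."""
    m = VERSION_RE.search(show_version)
    release = m.group(1) if m else None
    is_ie3000 = bool(MODEL_RE.search(show_version))
    # Keep only the access level; community strings are secrets and are not echoed.
    # IOS treats a community with no keyword as read-only.
    access = [(level or "RO").upper()
              for _name, level in COMMUNITY_RE.findall(running_config)]
    if not (is_ie3000 and release in AFFECTED_RELEASES):
        verdict = "release-not-listed"
    elif access:
        # Affected release with community strings present in the running config.
        verdict = "exposed"
    else:
        # Affected release, no community lines found; re-check after any reload.
        verdict = "affected-release-no-community"
    return {"release": release, "ie3000": is_ie3000,
            "community_access": access, "verdict": verdict}

# Constructed sample input (not captured from a real device).
SAMPLE_SHOW_VERSION = (
    "Cisco IOS Software, IES Software (IES-LANBASE-M), "
    "Version 12.2(52)SE1, RELEASE SOFTWARE (fc1)\n"
    "cisco IE-3000-8TC (PowerPC405) processor with 131072K bytes of memory.\n")
SAMPLE_RUNNING_CONFIG = (
    "hostname plant-sw1\n"
    "snmp-server community EXAMPLE-RO RO\n"
    "snmp-server community EXAMPLE-RW RW\n")

if __name__ == "__main__":
    print(triage(SAMPLE_SHOW_VERSION, SAMPLE_RUNNING_CONFIG))
```

A verdict of `exposed` with `RW` in `community_access` corresponds to the write access the note describes; compare the community lines against the intended configuration before and after a reload.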
Acknowledgements
Information from Secunia and Cisco was used in this document.
This document was written by Michael Orlando.
Other Information
CVE IDs: CVE-2010-1574
Severity Metric: 5.93
Date Public: 2010-07-07
Date First Published: 2010-07-12
Date Last Updated: 2010-07-12 19:26 UTC
Document Revision: 16