| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 31 Aug 2016 12:14:44 -0400 From: Cisco Systems Product Security Incident Response Team <psirt@...co.com> To: bugtraq@...urityfocus.com Cc: psirt@...co.com Subject: Cisco Security Advisory: Cisco Small Business 220 Series Smart Plus Switches SNMP Unauthorized Access Vulnerability -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco Small Business 220 Series Smart Plus Switches SNMP Unauthorized Access Vulnerability Advisory ID: cisco-sa-20160831-sps3 Revision 1.0 For Public Release 2016 August 31 16:00 UTC (GMT) +--------------------------------------------------------------------- Summary ======= A vulnerability in the implementation of Simple Network Management Protocol (SNMP) functionality in Cisco Small Business 220 Series Smart Plus (Sx220) Switches could allow an unauthenticated, remote attacker to gain unauthorized access to SNMP objects on an affected device. The vulnerability is due to the presence of a default SNMP community string that is added during device installation and cannot be deleted. An attacker could exploit this vulnerability by using the default SNMP community string to access SNMP objects on an affected device. A successful exploit could allow the attacker to view and modify SNMP objects on a targeted device. Cisco has released firmware updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-sps3 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (SunOS) iQIVAwUBV8RIrK89gD3EAJB5AQLthg/9H31fSwIZPl77TIHr22TNxJxUro4RCWic mN8tfm4DidmQOL8z9KKtWUH+bTuHJG7jN0JMHrON74IGzJabGaH3cGqCnYpePIrg kgJCSkv9nnjlSGADEpCFg5uQ7dCpSCLbGJDRcQ7fY1Dfbu5WBpdNd2nUJo52+k5F ZEQxlSrdWqu/ki0NYCUamEg0PeUslwmSUr2FxQqD3qqb/Hqbm7cKNj2bkAn9ahna J/bJjKIgwj9/l8S6cQZXydgPucH6rhLRGQJ3LrVyvkUbN8zTC7fYslSjvmOe0t/x bZsgdp6pARZSfdOvoGgnpayPlVSFlS80ourZ5H9Km/mbvDT/4Er+hyPO7so5R0en 5FKUmoTiu3rUrQHdq4lfGO+PZ6QX8f3vWbmRcYPSNFKZEddiNPo3SAXBieLmyD0N ocDEmpNg0KJWspkHLfkYav/ET4U+f0EfEwcDzYvg8GRDC/AKyh5p2aSGBe0m+rvj 91fq4Xoh3LDSc7Fb50k3Ky34ghZ9rbBIAWkQFRrF206cEjukL4BDcBB9bBlf70A2 uvbK8mx+jxEYm6uBmcI1swsAy0B/UwvBhkI1bmn7qoNwjg9uYev1k4+8qD8hsbg/ QJBOWROIB+EccA3/aO7vXeBuP4XrPY8Ud5w05FG4RrWYWikMf/4TP84vXV0lZ14D Wt5Q3gIkvJ4= =Jk1q -----END PGP SIGNATURE-----
Powered by blists - more mailing lists