Cisco IOS Software Multiple SNMP Community String Vulnerabilities - Cisco Systems

This script is (C) 2010-2014 Tenable Network Security, Inc.

Synopsis :

The remote device is missing a vendor-supplied security patch

Description :

Multiple Cisco IOS Software and CatOS software releases contain
several independent but related vulnerabilities involving the
unexpected creation and exposure of SNMP community strings. These
vulnerabilities can be exploited to permit the unauthorized viewing or
modification of affected devices.
To remove the vulnerabilities, Cisco is offering free software upgrades
for all affected platforms. The defects are documented in DDTS records
CSCds32217, CSCds16384, CSCds19674, CSCdr59314, CSCdr61016, and
In addition to specific workarounds for each vulnerability, affected
systems can be protected by preventing SNMP access.

See also :

Solution :

Apply the relevant patch referenced in Cisco Security Advisory

Risk factor :

High / CVSS Base Score : 7.5
CVSS Temporal Score : 6.5
Public Exploit Available : true

Family: CISCO

Nessus Plugin ID: 48952 (cisco-sa-20010228-ios-snmp-communityhttp.nasl)

Bugtraq ID: 5030

CVE ID: CVE-2001-1434