Cisco IOS Software Multiple SNMP Community String Vulnerabilities - Cisco Systems

This script is (C) 2010-2014 Tenable Network Security, Inc.


Synopsis :

The remote device is missing a vendor-supplied security patch

Description :

Multiple Cisco IOS Software and CatOS software releases contain
several independent but related vulnerabilities involving the
unexpected creation and exposure of SNMP community strings. These
vulnerabilities can be exploited to permit the unauthorized viewing or
modification of affected devices.
To remove the vulnerabilities, Cisco is offering free software upgrades
for all affected platforms. The defects are documented in DDTS records
CSCds32217, CSCds16384, CSCds19674, CSCdr59314, CSCdr61016, and
CSCds49183.
In addition to specific workarounds for each vulnerability, affected
systems can be protected by preventing SNMP access.

See also :

http://www.nessus.org/u?197acbde
http://www.nessus.org/u?089d57d4

Solution :

Apply the relevant patch referenced in Cisco Security Advisory
cisco-sa-20010228-ios-snmp-community.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.5
(CVSS2#E:H/RL:OF/RC:C)
Public Exploit Available : true

Family: CISCO

Nessus Plugin ID: 48952 (cisco-sa-20010228-ios-snmp-communityhttp.nasl)

Bugtraq ID: 5030

CVE ID: CVE-2001-1434
CVE-2004-1775
CVE-2004-1776