Cisco uBR10012 Series Devices SNMP Vulnerability - Cisco Systems

This script is (C) 2010-2014 Tenable Network Security, Inc.


Synopsis :

The remote device is missing a vendor-supplied security patch.

Description :

Cisco uBR10012 series devices automatically enable Simple Network
Management Protocol (SNMP) read/write access to the device if
configured for linecard redundancy. This can be exploited by an
attacker to gain complete control of the device. Only Cisco uBR10012
series devices that are configured for linecard redundancy are
affected.

Cisco has released free software updates that address this
vulnerability. Workarounds that mitigate this vulnerability are
available.

See also :

http://www.nessus.org/u?7be0b39b
http://www.nessus.org/u?7c4809ae

Solution :

Apply the relevant patch referenced in Cisco Security Advisory
cisco-sa-20080924-ubr.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.7
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: CISCO

Nessus Plugin ID: 49027 (cisco-sa-20080924-ubrhttp.nasl)

Bugtraq ID: 31355

CVE ID: CVE-2008-3807