Cisco uBR10012 Series Devices SNMP Vulnerability - Cisco Systems

This script is (C) 2010-2014 Tenable Network Security, Inc.


Synopsis :

The remote device is missing a vendor-supplied security patch.

Description :

Cisco uBR10012 series devices automatically enable Simple Network
Management Protocol (SNMP) read/write access to the device if
configured for linecard redundancy. This can be exploited by an
attacker to gain complete control of the device. Only Cisco uBR10012
series devices that are configured for linecard redundancy are
affected.

Cisco has released free software updates that address this
vulnerability. Workarounds that mitigate this vulnerability are
available.

See also :

http://www.nessus.org/u?7be0b39b
http://www.nessus.org/u?7c4809ae

Solution :

Apply the relevant patch referenced in Cisco Security Advisory
cisco-sa-20080924-ubr.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.7
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: CISCO

Nessus Plugin ID: 49027 (cisco-sa-20080924-ubrhttp.nasl)

Bugtraq ID: 31355

CVE ID: CVE-2008-3807

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial