CVE-2006-4950
published 2006-09-23CVE-2006-4950: Cisco IOS 12.2 through 12.4 before 20060920, as used by Cisco IAD2430, IAD2431, and IAD2432 Integrated Access Devices, the VG224 Analog Phone Gateway, and the…
critical10CVSS 3.1
AVNACLAuNCCICAC
Cisco IOS 12.2 through 12.4 before 20060920, as used by Cisco IAD2430, IAD2431, and IAD2432 Integrated Access Devices, the VG224 Analog Phone Gateway, and the MWR 1900 and 1941 Mobile Wireless Edge Routers, is incorrectly identified as supporting DOCSIS, which allows remote attackers to gain read-write access via a hard-coded cable-docsis community string and read or modify arbitrary SNMP variables.
Affected
228 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | ios | <= 12.3 | — |
| cisco | ios | — | — |
| cisco | ios | — | — |
| cisco | ios | — | — |
| cisco | ios | — | — |
| cisco | ios | — | — |
| cisco | ios | — | — |
| cisco | ios | — | — |
| cisco | ios | — | — |
| cisco | ios | — | — |
| cisco | ios | — | — |
| cisco | ios | — | — |
| cisco | ios | — | — |
| cisco | ios | — | — |
| cisco | ios | — | — |
| cisco | ios | — | — |
| cisco | ios | — | — |
| cisco | ios | — | — |
| cisco | ios | — | — |
| cisco | ios | — | — |
| cisco | ios | — | — |
| cisco | ios | — | — |
| cisco | ios | — | — |
| cisco | ios | — | — |
| cisco | ios | — | — |
Cisco
DOCSIS Read-Write Community String Enabled in Non-DOCSIS Platforms
vendor_cisco·2006-09-20·CVSS 6.0
CVE-2006-4950 [MEDIUM] CWE-264 DOCSIS Read-Write Community String Enabled in Non-DOCSIS Platforms
DOCSIS Read-Write Community String Enabled in Non-DOCSIS Platforms
A vulnerability exists in certain Cisco IOS
® software release trains running on the Cisco
IAD2400 series, 1900 Series Mobile Wireless Edge Routers and Cisco VG224 Analog
Phone Gateways. Vulnerable versions may contain a default hard-coded Simple
Network Management Protocol (SNMP) community string when SNMP is enabled on the
device. The default community string is a result of inadvertently identifying
these devices as supporting Data Over Cable Service Interface Specification
(DOCSIS) compliant interfaces. The consequence of this error is that an
additional read-write community string may be enabled if the device is
configured for SNMP management, allowing a knowledgeable attacker the potential
to gain privileged access
Cisco
DOCSIS Read-Write Community String Enabled in Non-DOCSIS Platforms
vendor_cisco
CVE-2006-4950 DOCSIS Read-Write Community String Enabled in Non-DOCSIS Platforms
CVE-2006-4950: DOCSIS Read-Write Community String Enabled in Non-DOCSIS Platforms
A vulnerability exists in certain Cisco IOS � software release trains running on the Cisco IAD2400 series, 1900 Series Mobile Wireless Edge Routers and Cisco VG224 Analog Phone Gateways. Vulnerable versions may contain a default hard-coded Simple Network Management Protocol (SNMP) community string when SNMP is enabled on the device. The default community string is a result of inadvertently identifying these devices as supporting Data Over Cable Service Interface Specification (DOCSIS) compliant interfaces. The consequence of this error is that an additional read-write community string may be enabled if the device is configured for SNMP management, allowing a knowledgeable attacker the potential to gain privil
GHSA
GHSA-qprv-2hx6-37wf: Cisco IOS 12
ghsa_unreviewed·2022-05-01
CVE-2006-4950 [HIGH] GHSA-qprv-2hx6-37wf: Cisco IOS 12
Cisco IOS 12.2 through 12.4 before 20060920, as used by Cisco IAD2430, IAD2431, and IAD2432 Integrated Access Devices, the VG224 Analog Phone Gateway, and the MWR 1900 and 1941 Mobile Wireless Edge Routers, is incorrectly identified as supporting DOCSIS, which allows remote attackers to gain read-write access via a hard-coded cable-docsis community string and read or modify arbitrary SNMP variables.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://secunia.com/advisories/21974http://securitytracker.com/id?1016899http://www.cisco.com/warp/public/707/cisco-sa-20060920-docsis.shtmlhttp://www.kb.cert.org/vuls/id/123140http://www.osvdb.org/29034http://www.securityfocus.com/bid/20125http://www.vupen.com/english/advisories/2006/3722https://exchange.xforce.ibmcloud.com/vulnerabilities/29054https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5665http://secunia.com/advisories/21974http://securitytracker.com/id?1016899http://www.cisco.com/warp/public/707/cisco-sa-20060920-docsis.shtmlhttp://www.kb.cert.org/vuls/id/123140http://www.osvdb.org/29034http://www.securityfocus.com/bid/20125http://www.vupen.com/english/advisories/2006/3722https://exchange.xforce.ibmcloud.com/vulnerabilities/29054https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5665
2006-09-23
Published