CVE-2008-3807
published 2008-09-26CVE-2008-3807: Cisco IOS 12.2 and 12.3 on Cisco uBR10012 series devices, when linecard redundancy is configured, enables a read/write SNMP service with "private" as the…
critical9.3CVSS 3.1
AVNACMAuNCCICAC
Cisco IOS 12.2 and 12.3 on Cisco uBR10012 series devices, when linecard redundancy is configured, enables a read/write SNMP service with "private" as the community, which allows remote attackers to obtain administrative access by guessing this community and sending SNMP requests.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | ios | — | — |
| cisco | ios | — | — |
| cisco | ios | — | — |
| cisco | ios | — | — |
| cisco | ios | — | — |
| cisco | ubr10012_series_devices | — | — |
Cisco
Cisco uBR10012 Series Devices SNMP Vulnerability
vendor_cisco·2008-09-24·CVSS 10.0
CVE-2008-3807 [CRITICAL] CWE-264 Cisco uBR10012 Series Devices SNMP Vulnerability
Cisco uBR10012 Series Devices SNMP Vulnerability
Cisco uBR10012 series devices automatically enable Simple Network
Management Protocol (SNMP) read/write access to the device if configured for
linecard redundancy. This can be exploited by an attacker to gain complete
control of the device. Only Cisco uBR10012 series devices that are configured
for linecard redundancy are affected.
Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are
available.
This advisory is posted at
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20080924-ubr.
Note: The September 24, 2008 IOS Advisory bundled publication includes
twelve Security Advisories. Eleven of the advisories address vulnerabilities in
Ci
Cisco
Cisco uBR10012 Series Devices SNMP Vulnerability
vendor_cisco
CVE-2008-3807 Cisco uBR10012 Series Devices SNMP Vulnerability
CVE-2008-3807: Cisco uBR10012 Series Devices SNMP Vulnerability
Cisco uBR10012 series devices automatically enable Simple Network Management Protocol (SNMP) read/write access to the device if configured for linecard redundancy. This can be exploited by an attacker to gain complete control of the device. Only Cisco uBR10012 series devices that are configured for linecard redundancy are affected. Cisco has released software updates that address this vulnerability.
CWE: CWE-264, CWE-264
Bug IDs: CSCek57932, CSCsg60220, CSCek57932
GHSA
GHSA-mgm9-wwmw-w7xv: Cisco IOS 12
ghsa_unreviewed·2022-05-02
CVE-2008-3807 [HIGH] GHSA-mgm9-wwmw-w7xv: Cisco IOS 12
Cisco IOS 12.2 and 12.3 on Cisco uBR10012 series devices, when linecard redundancy is configured, enables a read/write SNMP service with "private" as the community, which allows remote attackers to obtain administrative access by guessing this community and sending SNMP requests.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://secunia.com/advisories/31990http://www.cisco.com/en/US/products/products_security_advisory09186a0080a014b1.shtmlhttp://www.securitytracker.com/id?1020941http://www.vupen.com/english/advisories/2008/2670https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5452http://secunia.com/advisories/31990http://www.cisco.com/en/US/products/products_security_advisory09186a0080a014b1.shtmlhttp://www.securitytracker.com/id?1020941http://www.vupen.com/english/advisories/2008/2670https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5452
2008-09-26
Published