CVE-2010-1574Improper Authentication in Cisco IOS

CWE-264CWE-287Improper Authentication4 documents4 sources
Severity
10.0CRITICALNVD
EPSS
1.4%
top 19.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco IOS
Timeline
PublishedJul 8
Latest updateMay 17

Description

IOS 12.2(52)SE and 12.2(52)SE1 on Cisco Industrial Ethernet (IE) 3000 series switches has (1) a community name of public for RO access and (2) a community name of private for RW access, which makes it easier for remote attackers to modify the configuration or obtain potentially sensitive information via SNMP requests, aka Bug ID CSCtf25589.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

NVDcisco/ios12.2\(52\)se, 12.2\(52\)se1+1

🔴Vulnerability Details

2
GHSA
GHSA-hqc8-q9j9-3wxj: IOS 122022-05-17
CVEList
CVE-2010-1574: IOS 122010-07-08

📋Vendor Advisories

1
Cisco
Hard-Coded SNMP Community Names in Cisco Industrial Ethernet 3000 Series Switches Vulnerability2010-07-07
CVE-2010-1574 — Improper Authentication in Cisco IOS | cvebase