CVE-2010-1574
published 2010-07-08CVE-2010-1574: IOS 12.2(52)SE and 12.2(52)SE1 on Cisco Industrial Ethernet (IE) 3000 series switches has (1) a community name of public for RO access and (2) a community name…
critical10CVSS 3.1
AVNACLAuNCCICAC
IOS 12.2(52)SE and 12.2(52)SE1 on Cisco Industrial Ethernet (IE) 3000 series switches has (1) a community name of public for RO access and (2) a community name of private for RW access, which makes it easier for remote attackers to modify the configuration or obtain potentially sensitive information via SNMP requests, aka Bug ID CSCtf25589.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | industrial_ethernet_3000_series_switches | — | — |
| cisco | ios | — | — |
| cisco | ios | — | — |
Cisco
Hard-Coded SNMP Community Names in Cisco Industrial Ethernet 3000 Series Switches Vulnerability
vendor_cisco·2010-07-07·CVSS 10.0
CVE-2010-1574 [CRITICAL] CWE-287 Hard-Coded SNMP Community Names in Cisco Industrial Ethernet 3000 Series Switches Vulnerability
Hard-Coded SNMP Community Names in Cisco Industrial Ethernet 3000 Series Switches Vulnerability
Cisco Industrial Ethernet 3000 (IE 3000) Series switches running Cisco
IOS® Software releases 12.2(52)SE or 12.2(52)SE1,
contain a vulnerability where well known SNMP community names are hard-coded
for both read and write access. The
hard-coded community names are "public" and "private."
Cisco recommends that all administrators deploy the mitigation measures
outlined in the Workarounds section or perform a Cisco IOS Software
upgrade.
Cisco has released software updates that address this vulnerability.
Workarounds that mitigate this vulnerability are available.
This advisory is posted at
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20100707-snmp.
Cisco
Hard-Coded SNMP Community Names in Cisco Industrial Ethernet 3000 Series Switches Vulnerability
vendor_cisco
CVE-2010-1574 Hard-Coded SNMP Community Names in Cisco Industrial Ethernet 3000 Series Switches Vulnerability
CVE-2010-1574: Hard-Coded SNMP Community Names in Cisco Industrial Ethernet 3000 Series Switches Vulnerability
Cisco Industrial Ethernet 3000 (IE 3000) Series switches running Cisco IOS � Software releases 12.2(52)SE or 12.2(52)SE1, contain a vulnerability where well known SNMP community names are hard-coded for both read and write access. The hard-coded community names are "public" and "private." Cisco recommends that all administrators deploy the mitigation measures outlined in the
CWE: CWE-287, CWE-287
Bug IDs: CSCtf25589, CSCtf25589
GHSA
GHSA-hqc8-q9j9-3wxj: IOS 12
ghsa_unreviewed·2022-05-17
CVE-2010-1574 [HIGH] GHSA-hqc8-q9j9-3wxj: IOS 12
IOS 12.2(52)SE and 12.2(52)SE1 on Cisco Industrial Ethernet (IE) 3000 series switches has (1) a community name of public for RO access and (2) a community name of private for RW access, which makes it easier for remote attackers to modify the configuration or obtain potentially sensitive information via SNMP requests, aka Bug ID CSCtf25589.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://osvdb.org/66120http://secunia.com/advisories/40407http://securitytracker.com/id?1024173http://www.cisco.com/en/US/products/products_security_advisory09186a0080b3891f.shtmlhttp://www.kb.cert.org/vuls/id/732671http://www.securityfocus.com/bid/41436http://www.vupen.com/english/advisories/2010/1754https://exchange.xforce.ibmcloud.com/vulnerabilities/60145http://osvdb.org/66120http://secunia.com/advisories/40407http://securitytracker.com/id?1024173http://www.cisco.com/en/US/products/products_security_advisory09186a0080b3891f.shtmlhttp://www.kb.cert.org/vuls/id/732671http://www.securityfocus.com/bid/41436http://www.vupen.com/english/advisories/2010/1754https://exchange.xforce.ibmcloud.com/vulnerabilities/60145
2010-07-08
Published