CVE-2018-0329

CWE-798Hard-coded Credentials4 documents4 sources
Severity
5.3MEDIUM
EPSS
0.3%
top 45.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Wide Area Application Services
Timeline
PublishedJun 7
Latest updateMay 13

Description

A vulnerability in the default configuration of the Simple Network Management Protocol (SNMP) feature of Cisco Wide Area Application Services (WAAS) Software could allow an unauthenticated, remote attacker to read data from an affected device via SNMP. The vulnerability is due to a hard-coded, read-only community string in the configuration file for the SNMP daemon. An attacker could exploit this vulnerability by using the static community string in SNMP version 2c queries to an affected device.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

NVDcisco/wide_area_application_services6.2\(3\), 6.4\(1\)+1
CVEListV5cisco_wide_area_application_services_unknownCisco Wide Area Application Services unknown

🔴Vulnerability Details

2
GHSA
GHSA-59gg-4m9f-5hc8: A vulnerability in the default configuration of the Simple Network Management Protocol (SNMP) feature of Cisco Wide Area Application Services (WAAS) S2022-05-13
CVEList
CVE-2018-0329: A vulnerability in the default configuration of the Simple Network Management Protocol (SNMP) feature of Cisco Wide Area Application Services (WAAS) S2018-06-07

📋Vendor Advisories

1
Cisco
Cisco Wide Area Application Services Software Static SNMP Credentials Vulnerability2018-06-06
CVE-2018-0329 (MEDIUM CVSS 5.3) | A vulnerability in the default conf | cvebase.io