PT-2016-5171 · Belden · Belden Hirschmann Classic Platform Switches

Mark Jaques

Publicado

2016-02-18

Atualizado

2016-03-23

CVE-2016-2509

CVSS v3.1

5.3

Média

Vetor

AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Belden Hirschmann Classic Platform switches L2B versions prior to 05.3.07 Belden Hirschmann Classic Platform switches L2E, L2P, L3E, and L3P versions prior to 09.0.06

Description The password-sync feature sets an SNMP community to the same string as the administrator password, allowing remote attackers to obtain sensitive information by sniffing the network.

Recommendations For L2B versions prior to 05.3.07, update to version 05.3.07 or later to resolve the issue. For L2E, L2P, L3E, and L3P versions prior to 09.0.06, update to version 09.0.06 or later to resolve the issue.

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

CVE-2016-2509

Produtos afetados

Belden Hirschmann Classic Platform Switches

PT-2016-5171 · Belden · Belden Hirschmann Classic Platform Switches

CVE-2016-2509

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4