PT-2004-1000 · Cisco · Cisco Ios+1
Published
2004-12-31
·
Updated
2017-07-11
·
CVE-2004-1775
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Cisco IOS versions 12.0 through 12.1
Catalyst Operating Software (CatOS) versions 5.5 and 6.1
Description
The issue allows a remote attacker to gain access to device service data via the SNMP protocol, potentially leading to administrative privileges. It affects the Cisco VACM (View-based Access Control MIB) and enables remote attackers to read and modify device configuration using the read-write community string.
Recommendations
For Cisco IOS versions 12.0 through 12.1, consider restricting access to the SNMP protocol until a patch is available.
For Catalyst Operating Software (CatOS) versions 5.5 and 6.1, restrict access to the read-write community string to minimize the risk of exploitation.
As a temporary workaround, consider disabling the SNMP protocol on affected devices until a patch is available.
Fix
Authentication Bypass Using an Alternate Path or Channel
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Catalyst Operating
Cisco Ios