PT-2008-5161 · Cisco · Cisco Ubr10012+1

Published

2008-09-26

Updated

2022-06-02

CVE-2008-3807

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Cisco IOS versions 12.2 and 12.3 on Cisco uBR10012 series devices

Description The issue allows remote attackers to obtain administrative access by guessing the SNMP community and sending SNMP requests. This is because the read/write SNMP service is enabled with a default community string private when linecard redundancy is configured.

Recommendations For Cisco IOS versions 12.2 and 12.3 on Cisco uBR10012 series devices, change the default SNMP community string private to a secure string to prevent unauthorized access. Consider disabling the SNMP service if it is not necessary for operations.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2008-3807

Affected Products

Cisco Ios

Cisco Ubr10012

PT-2008-5161 · Cisco · Cisco Ubr10012+1

CVE-2008-3807

Related Identifiers

Affected Products

References · 6