PT-2016-5171 · Belden · Belden Hirschmann Classic Platform Switches

Mark Jaques

Published

2016-02-18

Updated

2016-03-23

CVE-2016-2509

CVSS v3.1

5.3

Medium

Vector

AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Belden Hirschmann Classic Platform switches L2B versions prior to 05.3.07 Belden Hirschmann Classic Platform switches L2E, L2P, L3E, and L3P versions prior to 09.0.06

Description The password-sync feature sets an SNMP community to the same string as the administrator password, allowing remote attackers to obtain sensitive information by sniffing the network.

Recommendations For L2B versions prior to 05.3.07, update to version 05.3.07 or later to resolve the issue. For L2E, L2P, L3E, and L3P versions prior to 09.0.06, update to version 09.0.06 or later to resolve the issue.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2016-2509

Affected Products

Belden Hirschmann Classic Platform Switches

PT-2016-5171 · Belden · Belden Hirschmann Classic Platform Switches

CVE-2016-2509

Weakness Enumeration

Related Identifiers

Affected Products

References · 4