BID:12424

Cisco IP/VC Videoconferencing System SNMP Remote Default Community String Vulnerability

Info

Cisco IP/VC Videoconferencing System SNMP Remote Default Community String Vulnerability

Bugtraq ID:	12424
Class:	Design Error
CVE:
Remote:	Yes
Local:	No
Published:	Feb 02 2005 12:00AM
Updated:	Feb 02 2005 12:00AM
Credit:	The individual or individuals responsible for the discovery of this issue are currently unknown; the vendor disclosed this issue.
Vulnerable:	Cisco IPVC 3530-VTA Cisco IPVC 3525-GW-1P Cisco IPVC 3520-GW-4V Cisco IPVC 3520-GW-4B Cisco IPVC 3520-GW-2V Cisco IPVC 3520-GW-2B2V Cisco IPVC 3520-GW-2B Cisco IPVC 3510-MCU

Not Vulnerable:	Cisco IPVC 3540-XAM06 Cisco IPVC 3540-XAM03 Cisco IPVC 3540-XAG Cisco IPVC 3540-RM Cisco IPVC 3540-MCU10A Cisco IPVC 3540-MCU06A Cisco IPVC 3540-MCU03A Cisco IPVC 3540-GW4S Cisco IPVC 3540-GW2P Cisco IPVC 3540-EMP3 Cisco IPVC 3540-EMP Cisco IPVC 3526-GW-1P Cisco IPVC 3521-GW-4B Cisco IPVC 3511-MCU-E Cisco IPVC 3511-MCU

Discussion

Cisco IP/VC Videoconferencing System SNMP Remote Default Community String Vulnerability

A default community string vulnerability affects Cisco IP/VC Videoconferencing System devices. This issue is due to a design flaw where hard-coded community strings are stored on the device.

This issue may be leveraged to gain unauthorized administrator access to affected devices. This would allow an attacker to create new services, terminate or affect existing sessions, and redirect traffic to a different destination, among other attacks.

Exploit / POC

Cisco IP/VC Videoconferencing System SNMP Remote Default Community String Vulnerability

No exploit is required to leverage this issue.

Solution / Fix

Cisco IP/VC Videoconferencing System SNMP Remote Default Community String Vulnerability

Solution:
The vendor has released an updated advisory to address this vulnerability. Customers are advised that no fixes are currently available, upgrading the affected hardware is the only current solution. Please see the referenced advisory for more information.

References

Cisco IP/VC Videoconferencing System SNMP Remote Default Community String Vulnerability

References: