Ascend SNMP TFTP Attack
BID:2355
Info
Ascend SNMP TFTP Attack
| Bugtraq ID: | 2355 |
| Class: | Configuration Error |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Mar 16 1998 12:00AM |
| Updated: | Mar 16 1998 12:00AM |
| Credit: | Discovered by Jennifer Myers and Thomas H. Ptacek at Secure Networks, Inc. Reported to bugtraq by NAI in an advisory dated Mon, Mar 16, 1998. |
| Vulnerable: |
Ascend Pipeline 5.0 .0A Ascend MAX 5.0 .0Ap42 |
| Not Vulnerable: | |
Discussion
Ascend SNMP TFTP Attack
Ascend routers are vulnerable to exploitation of weak default password settings.
Ascend routers are vulnerable to exploitation of weak default password settings.
Exploit / POC
Ascend SNMP TFTP Attack
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
Solution / Fix
Ascend SNMP TFTP Attack
Solution:
Ascend's 6.0 operating system disables SNMP "write" access by default. Previous versions of the software enable
SNMP "write" access with a default community of "write".
Vendor recommends upgrading to the current version of the router's specific OS.
Solution:
Ascend's 6.0 operating system disables SNMP "write" access by default. Previous versions of the software enable
SNMP "write" access with a default community of "write".
Vendor recommends upgrading to the current version of the router's specific OS.
References
Ascend SNMP TFTP Attack
References:
References: