SNMP Configuration Vulnerability in Cisco ASR 5000 Devices
CVE-2016-1452

6.5MEDIUM

Key Information:

Vendor

Cisco
Status
Asr 5000
Asr 5000 Software
Vendor
CVE Published:
15 July 2016

What is CVE-2016-1452?

Cisco ASR 5000 devices running specific software versions are susceptible to a configuration change vulnerability due to improper handling of SNMP community strings. An attacker with knowledge of the read-write community string can remotely manipulate configurations on the device, potentially leading to severe security implications for the network infrastructure. This vulnerability underscores the importance of securing SNMP community strings to prevent unauthorized access and maintain the integrity of network equipment.

References

http://www.securitytracker.com/id/1036298
vdb-entryx_refsource_SECTRACK
http://tools.cisco.com/security/center/content/CiscoSecur...
vendor-advisoryx_refsource_CISCO
http://www.securityfocus.com/bid/91756
vdb-entryx_refsource_BID

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.