Sensitive Information Exposure in Belden Hirschmann Classic Platform Switches
CVE-2016-2509

5.3MEDIUM

Key Information:

Vendor: Belden
Status: Hirschmann Firmware; Hirschmann L2b
Vendor: CVE Published:; 18 February 2016

What is CVE-2016-2509?

The Belden Hirschmann Classic Platform switches possess a vulnerability within their password-sync feature, where the SNMP community string is configured to match the administrator password. This flaw affects various models, including L2B (versions before 05.3.07) and other series (L2E, L2P, L3E, L3P) with versions prior to 09.0.06. This misconfiguration allows remote attackers to potentially intercept sensitive information through network traffic, thereby posing a significant security risk.

References

http://www.kb.cert.org/vuls/id/507216

third-party-advisoryx_refsource_CERT-VN

https://www.belden.com/resourcecenter/security/upload/Bel...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 18, 2016
Vulnerability Reserved
Feb 18, 2016

JSON