Network Management Vulnerability in Cisco WAAS Software
CVE-2018-0329

5.3MEDIUM

Key Information:

Vendor
Cisco
Status
Cisco Wide Area Application Services Unknown
Vendor
CVE Published:
7 June 2018

Summary

A vulnerability exists in the default configuration of the Simple Network Management Protocol (SNMP) feature within Cisco Wide Area Application Services (WAAS) Software. This flaw permits an unauthenticated remote attacker to exploit the hard-coded read-only community string in the SNMP configuration file. By executing SNMP version 2c queries with the static community string, an attacker can access sensitive data from the affected device. Notably, the static credentials used are hidden within an internal configuration file, making them undetectable in both the running and startup configurations of the system.

Affected Version(s)

Cisco Wide Area Application Services unknown Cisco Wide Area Application Services unknown

References

http://www.securitytracker.com/id/1041078
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/104590
vdb-entryx_refsource_BID
https://tools.cisco.com/security/center/content/CiscoSecu...
x_refsource_CONFIRM

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.