[NEWS] Default SNMP Community Strings in Cisco IP/VC Products

Subject: [NEWS] Default SNMP Community Strings in Cisco IP/VC Products
Date: 3 Feb 2005 11:05:19 +0200
The following security advisory is sent to the securiteam mailing list, and can 
be found at the SecuriTeam web site: http://www.securiteam.com



  Default SNMP Community Strings in Cisco IP/VC Products
------------------------------------------------------------------------


SUMMARY

Hard-coded Simple Network Management Protocol (SNMP) community strings are 
present in Cisco IP/VC Videoconferencing System models 3510, 3520, 3525 
and 3530. Any user who has access to the vulnerable devices and knows the 
community strings can obtain total control of the device.

Cisco strongly recommends that all users deploy the mitigation measures 
outlined in the Workaround section.

DETAILS

Affected Products:
Vulnerable Products
The following products are known to be vulnerable:
 * Cisco IPVC-3510-MCU
 * Cisco IPVC-3520-GW-2B
 * Cisco IPVC-3520-GW-4B
 * Cisco IPVC-3520-GW-2V
 * Cisco IPVC-3520-GW-4V
 * Cisco IPVC-3520-GW-2B2V
 * Cisco IPVC-3525-GW-1P
 * Cisco IPVC-3530-VTA

Products Confirmed Not Vulnerable
The following products are known not to be vulnerable:
 * Cisco IPVC-3511-MCU
 * Cisco IPVC-3511-MCU-E
 * Cisco IPVC-3521-GW-4B
 * Cisco IPVC-3526-GW-1P
 * Cisco IPVC-3540-EMP
 * Cisco IPVC-3540-EMP3
 * Cisco IPVC-3540-MCU03A
 * Cisco IPVC-3540-MCU06A
 * Cisco IPVC-3540-MCU10A
 * Cisco IPVC-3540-GW2P
 * Cisco IPVC-3540-GW4S

No other Cisco products are currently known to be affected by this 
vulnerability. In particular, video-enabled Cisco IP video telephones are 
not affected.

Details
Affected products contain hard-coded SNMP community strings. SNMP is used 
for managing and monitoring an IP/VC device, and community strings are the 
equivalent of a password. All models listed as affected are vulnerable 
regardless of the software release they are running.

Impact
A user with knowledge of the community strings can gain full control of 
the device. Such a user can, among other things, create new services, 
terminate or affect existing sessions, and redirect traffic to a different 
destination.

Software Versions and Fixes
Cisco will not provide fixed software for this vulnerability. Customers 
are strongly advised to deploy the mitigation measures described in the 
Workaround section.

Workarounds
The only mitigation for this vulnerability is to disable SNMP traffic at 
the switch port that is connected to the affected device. If that cannot 
be done, the SNMP traffic to the IP/VC device should be blocked at the 
nearest possible point. In order for the mitigation to be successful, all 
possible paths to the device must be protected. This can be done by 
blocking traffic on UDP (User Datagram Protocol) ports 161 and 162. Port 
161 is used for inbound/outbound read/write SNMP access and port 162 is 
used for outbound traffic for SNMP traps. Blocking these ports disables 
all configuration and traps to/from the device. Access to ports 161 and 
162 from the trusted hosts should be temporarily enabled and the IPVC 
Configuration Utility used when configuration changes are required on the 
affected IP/VC device.
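
One way to check that the block described above holds on every path, as an added example that is not part of the Cisco advisory: scan flow records captured on the IP/VC segment and report any UDP 161/162 traffic that reached or left an affected unit outside an approved change. The device addresses, trusted host, change window, record format and the name `find_violations` are all assumptions made for this illustration, and the records are assumed to be captured behind the filter, so any match means traffic got past it.

```python
import ipaddress
from datetime import datetime

SNMP_PORTS = {161, 162}  # per the advisory: 161 = read/write access, 162 = traps

# Constructed values (assumptions): affected units, trusted hosts, change windows.
IPVC_DEVICES = {ipaddress.ip_address(a) for a in ("192.0.2.10", "192.0.2.11")}
TRUSTED_HOSTS = {ipaddress.ip_address("198.51.100.5")}
CHANGE_WINDOWS = [(datetime(2005, 2, 3, 20, 0), datetime(2005, 2, 3, 21, 0))]

# Constructed flow records: timestamp proto src sport dst dport
SAMPLE_FLOWS = """\
2005-02-03T09:15:02 udp 203.0.113.44 40112 192.0.2.10 161
2005-02-03T09:15:05 udp 192.0.2.10 161 203.0.113.44 40112
2005-02-03T20:10:00 udp 198.51.100.5 51000 192.0.2.10 161
2005-02-03T22:30:00 udp 198.51.100.5 51001 192.0.2.10 161
2005-02-03T10:00:00 udp 192.0.2.11 1025 203.0.113.9 162
2005-02-03T10:05:00 tcp 203.0.113.44 40200 192.0.2.10 80
2005-02-03T10:06:00 udp 203.0.113.44 40300 192.0.2.99 161
"""

def in_change_window(ts):
    return any(start <= ts <= end for start, end in CHANGE_WINDOWS)

def find_violations(flow_text):
    """Return (timestamp, device, peer, reason) for each SNMP flow that
    reached or left an IP/VC unit without being an approved change."""
    violations = []
    for line in flow_text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue  # skip blank or malformed records
        stamp, proto, src, sport, dst, dport = fields
        if proto.lower() != "udp" or not {int(sport), int(dport)} & SNMP_PORTS:
            continue
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if src in IPVC_DEVICES:      # reply or trap leaving the unit
            device, peer = src, dst
        elif dst in IPVC_DEVICES:    # request arriving at the unit
            device, peer = dst, src
        else:
            continue
        trusted = peer in TRUSTED_HOSTS
        if trusted and in_change_window(datetime.fromisoformat(stamp)):
            continue  # temporary access the workaround allows
        reason = "trusted host outside change window" if trusted else "untrusted peer"
        violations.append((stamp, str(device), str(peer), reason))
    return violations
```

A reply or trap leaving the unit is reported as well as an inbound request, because either one shows that some path to the device is still open.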

The effectiveness of any workaround is dependent on specific customer 
situations such as product mix, network topology, traffic behavior, and 
organizational mission. Due to the variety of affected products and 
releases, customers should consult with their service provider or support 
organization to ensure any applied workaround is the most appropriate for 
use in the intended network before it is deployed.


ADDITIONAL INFORMATION

The information has been provided by Cisco Systems Product Security 
Incident Response Team <psirt@cisco.com>.
The original article can be found at:
http://www.cisco.com/warp/public/707/cisco-sa-20050202-ipvc.shtml


