SB2016071406 - SNMP community string disclosure vulnerability in Cisco ASR 5000 Series Routers in Cisco ASR 5000 Series
Published: July 14, 2016 Updated: July 18, 2016
Security Bulletin ID
SB2016071406
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Information disclosure
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) SNMP community string disclosure vulnerability in Cisco ASR 5000 Series Routers (CVE-ID: CVE-2016-1452)
The vulnerability allows a remote attacker to obtain an SNMP password on the target system.The vulnerability exists due to the configured SNMP community string is not confidential. A remote unauthenticated attacker can obtain the SNMP read-write community string on the target system by sending a specially crafted SNMP query to view the read-write SNMP community string on the target system.
Successful exploitation of this vulnerability may result in disclosure of authentication information.
Remediation
Install update from vendor's website.