CVE-2008-3807

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 26-09-2008 06:21

Last modified: - 02-06-2022 07:18

Total changes: - 2

Description

Cisco IOS 12.2 and 12.3 on Cisco uBR10012 series devices, when linecard redundancy is configured, enables a read/write SNMP service with "private" as the community, which allows remote attackers to obtain administrative access by guessing this community and sending SNMP requests.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:M/Au:N/C:C/I:C/A:C

Low

Attack complexity

Network

Attack vector

High

Availability

High

Confidentiality

High

Integrity

Privileges required

Scope

User interaction

9.3

Base score

8.6

10.0

Exploitability score

Impact score

Verification logic

vendor=cisco AND product=ios AND version=12.3bc

vendor=cisco AND product=ios AND version=12.2cy

vendor=cisco AND product=ios AND version=12.2bc

vendor=cisco AND product=ios AND version=12.2cx

vendor=cisco AND product=ios AND version=12.2xf

Reference

20080924 Cisco uBR10012 Series Devices SNMP Vulnerability-Vendor Advisory
31990-Third Party Advisory
ADV-2008-2670-Permissions Required
1020941-Broken Link, Third Party Advisory, VDB Entry
oval:org.mitre.oval:def:5452-Third Party Advisory

Keywords

CVE-2008-3807

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2008-3807

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures