Vulnerabilities > CVE-2001-1434 - Unspecified vulnerability in Cisco IOS

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
cisco
nessus

Summary

Cisco IOS 12.0(5)XU through 12.1(2) allows remote attackers to read system administration and topology information via an "snmp-server host" command, which creates a readable "community" community string if one has not been previously created.

Vulnerable Configurations

Part Description Count
OS
Cisco
201

Nessus

NASL familyCISCO
NASL idCISCO-SA-20010228-IOS-SNMP-COMMUNITYHTTP.NASL
descriptionMultiple Cisco IOS Software and CatOS software releases contain several independent but related vulnerabilities involving the unexpected creation and exposure of SNMP community strings. These vulnerabilities can be exploited to permit the unauthorized viewing or modification of affected devices. To remove the vulnerabilities, Cisco is offering free software upgrades for all affected platforms. The defects are documented in DDTS records CSCds32217, CSCds16384, CSCds19674, CSCdr59314, CSCdr61016, and CSCds49183. In addition to specific workarounds for each vulnerability, affected systems can be protected by preventing SNMP access.
last seen2020-06-01
modified2020-06-02
plugin id48952
published2010-09-01
reporterThis script is (C) 2010-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/48952
titleCisco IOS Software Multiple SNMP Community String Vulnerabilities - Cisco Systems