Vulnerabilities > CVE-2001-1434 - Unspecified vulnerability in Cisco IOS
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
Cisco IOS 12.0(5)XU through 12.1(2) allows remote attackers to read system administration and topology information via an "snmp-server host" command, which creates a readable "community" community string if one has not been previously created.
Vulnerable Configurations
Nessus
NASL family | CISCO |
NASL id | CISCO-SA-20010228-IOS-SNMP-COMMUNITYHTTP.NASL |
description | Multiple Cisco IOS Software and CatOS software releases contain several independent but related vulnerabilities involving the unexpected creation and exposure of SNMP community strings. These vulnerabilities can be exploited to permit the unauthorized viewing or modification of affected devices. To remove the vulnerabilities, Cisco is offering free software upgrades for all affected platforms. The defects are documented in DDTS records CSCds32217, CSCds16384, CSCds19674, CSCdr59314, CSCdr61016, and CSCds49183. In addition to specific workarounds for each vulnerability, affected systems can be protected by preventing SNMP access. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 48952 |
published | 2010-09-01 |
reporter | This script is (C) 2010-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/48952 |
title | Cisco IOS Software Multiple SNMP Community String Vulnerabilities - Cisco Systems |