Vulnerabilities > CVE-2004-1775 - Unspecified vulnerability in Cisco Catos and IOS

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

cisco

nessus

NVD

Published: 2004-12-31

Updated: 2017-07-11

Summary

Cisco VACM (View-based Access Control MIB) for Catalyst Operating Software (CatOS) 5.5 and 6.1 and IOS 12.0 and 12.1 allows remote attackers to read and modify device configuration via the read-write community string.

Vulnerable Configurations

Part	Description	Count
OS	Cisco Cisco IOS 12.0Da Cisco IOS 12.0Db Cisco IOS 12.0Dc Cisco IOS 12.0S Cisco IOS 12.0Sc Cisco IOS 12.0Sl Cisco IOS 12.0St Cisco IOS 12.0T Cisco IOS 12.0Xa Cisco IOS 12.0Xb Cisco IOS 12.0Xc Cisco IOS 12.0Xd Cisco IOS 12.0Xe Cisco IOS 12.0Xf Cisco IOS 12.0Xg Cisco IOS 12.0Xh Cisco IOS 12.0Xi Cisco IOS 12.0Xj Cisco IOS 12.0Xk Cisco IOS 12.0Xl Cisco IOS 12.0Xm Cisco IOS 12.0Xn Cisco IOS 12.0Xp Cisco IOS 12.0Xq Cisco IOS 12.0Xr Cisco IOS 12.0Xs Cisco IOS 12.0Xu Cisco IOS 12.0Xv Cisco IOS 12.0Xw Cisco IOS 12.1 Cisco IOS 12.1Aa Cisco IOS 12.1Cx Cisco IOS 12.1Da Cisco IOS 12.1Db Cisco IOS 12.1Dc Cisco IOS 12.1E Cisco IOS 12.1Ea Cisco IOS 12.1Ec Cisco IOS 12.1Ex Cisco IOS 12.1T Cisco IOS 12.1Xa Cisco IOS 12.1Xb Cisco IOS 12.1Xc Cisco IOS 12.1Xd Cisco IOS 12.1Xe Cisco IOS 12.1Xf Cisco IOS 12.1Xg Cisco IOS 12.1Xh Cisco IOS 12.1Xi Cisco IOS 12.1Xk Cisco IOS 12.1Xl Cisco IOS 12.1Xm Cisco IOS 12.1Xp Cisco IOS 12.1Xq Cisco IOS 12.1Xr Cisco IOS 12.1Xs Cisco IOS 12.1Xt Cisco IOS 12.1Xu Cisco IOS 12.1Xv Cisco IOS 12.1Xw Cisco IOS 12.1Xx Cisco IOS 12.1Xy Cisco IOS 12.1Xz Cisco IOS 12.1Ya Cisco IOS 12.1Yb Cisco IOS 12.1Yc Cisco IOS 12.1Yd Cisco Catos 5.5 Cisco Catos 6.1	69

Nessus

NASL family	CISCO
NASL id	CISCO-SA-20010228-IOS-SNMP-COMMUNITYHTTP.NASL
description	Multiple Cisco IOS Software and CatOS software releases contain several independent but related vulnerabilities involving the unexpected creation and exposure of SNMP community strings. These vulnerabilities can be exploited to permit the unauthorized viewing or modification of affected devices. To remove the vulnerabilities, Cisco is offering free software upgrades for all affected platforms. The defects are documented in DDTS records CSCds32217, CSCds16384, CSCds19674, CSCdr59314, CSCdr61016, and CSCds49183. In addition to specific workarounds for each vulnerability, affected systems can be protected by preventing SNMP access.
last seen	2020-06-01
modified	2020-06-02
plugin id	48952
published	2010-09-01
reporter	This script is (C) 2010-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/48952
title	Cisco IOS Software Multiple SNMP Community String Vulnerabilities - Cisco Systems

NASL family	SNMP
NASL id	SNMP_VACM.NASL
description	It is possible to obtain the remote private community strings using the View-Based Access Control MIB (VACM) of the remote Cisco router. An attacker may use this flaw to gain read/write SNMP access on this router. Note that a value in this table does not necessarily mean that an instance with the value exists in table vacmAccessTable. The SNMP private community string(s) returned may only allow read access.
last seen	2020-06-01
modified	2020-06-02
plugin id	10688
published	2001-06-15
reporter	This script is Copyright (C) 2001-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/10688
title	Cisco CatOS VACM read-write Community String Device Configuration Manipulation

Summary

Vulnerable Configurations

Nessus

References