Vulnerabilities > CVE-2004-1776 - Unspecified vulnerability in Cisco IOS 12.1(3)/12.1(3)T

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
cisco
nessus

Summary

Cisco IOS 12.1(3) and 12.1(3)T allows remote attackers to read and modify device configuration data via the cable-docsis read-write community string used by the Data Over Cable Service Interface Specification (DOCSIS) standard.

Vulnerable Configurations

Part Description Count
OS
Cisco
2

Nessus

NASL familyCISCO
NASL idCISCO-SA-20010228-IOS-SNMP-COMMUNITYHTTP.NASL
descriptionMultiple Cisco IOS Software and CatOS software releases contain several independent but related vulnerabilities involving the unexpected creation and exposure of SNMP community strings. These vulnerabilities can be exploited to permit the unauthorized viewing or modification of affected devices. To remove the vulnerabilities, Cisco is offering free software upgrades for all affected platforms. The defects are documented in DDTS records CSCds32217, CSCds16384, CSCds19674, CSCdr59314, CSCdr61016, and CSCds49183. In addition to specific workarounds for each vulnerability, affected systems can be protected by preventing SNMP access.
last seen2020-06-01
modified2020-06-02
plugin id48952
published2010-09-01
reporterThis script is (C) 2010-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/48952
titleCisco IOS Software Multiple SNMP Community String Vulnerabilities - Cisco Systems