Vulnerabilities > CVE-2016-1452 - 7PK - Security Features vulnerability in Cisco ASR 5000 and ASR 5000 Software

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

cisco

CWE-254

NVD

Published: 2016-07-15

Updated: 2017-09-01

Summary

Cisco ASR 5000 devices with software 18.3 through 20.0.0 allow remote attackers to make configuration changes over SNMP by leveraging knowledge of the read-write community, aka Bug ID CSCuz29526.

Vulnerable Configurations

Part	Description	Count
Hardware	Cisco Cisco ASR 5000 -	1
Application	Cisco Cisco ASR 5000 Software 18.3.0 Cisco ASR 5000 Software 18.3_Base Cisco ASR 5000 Software 19.0.1 Cisco ASR 5000 Software 19.0.M0.60737 Cisco ASR 5000 Software 19.0.M0.60828 Cisco ASR 5000 Software 19.0.M0.61045 Cisco ASR 5000 Software 19.1.0 Cisco ASR 5000 Software 19.1.0.61559 Cisco ASR 5000 Software 19.2.0 Cisco ASR 5000 Software 19.3.0 Cisco ASR 5000 Software 20.0.0	11

Common Weakness Enumeration (CWE)

CWE-254 - 7PK - Security Features

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References