Vulnerability Name: | CVE-2016-2509 (CCN-110668)
Assigned: | 2016-02-16
Published: | 2016-02-16
Updated: | 2016-03-23
Summary: | The password-sync feature on Belden Hirschmann Classic Platform switches L2B before 05.3.07 and L2E, L2P, L3E, and L3P before 09.0.06 sets an SNMP community to the same string as the administrator password, which allows remote attackers to obtain sensitive information by sniffing the network.
CVSS v3 Severity: | 5.3 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
4.6 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
7.7 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
CVSS v2 Severity: | 2.9 Low (CVSS v2 Vector: AV:A/AC:M/Au:N/C:P/I:N/A:N)
Vulnerability Type: | CWE-200
Vulnerability Consequences: | Gain Access
References: |
Source: MITRE Type: CNA CVE-2016-2509
Source: CCN Type: US-CERT VU#507216 Hirschmann "Classic Platform" switches reveal administrator password in SNMP community string by default
Source: CERT-VN Type: Third Party Advisory, US Government Resource VU#507216
Source: XF Type: UNKNOWN hirschmann-platform-unauth-access(110668)
Source: CCN Type: Belden Security Advisory BSECV-2016-2 Passwords Synchronization with SNMP v1/v2 Communities
Source: CONFIRM Type: Vendor Advisory https://www.belden.com/resourcecenter/security/upload/Belden_Security_Advisory_BSECV-2016-2_1v0.pdf
Vulnerable Configuration: | Configuration 1: Configuration 2: