CVE-2010-1574
HIGH severity · CVSS 10 · CWE-264
10CVSS HIGH
Summary
IOS 12.2(52)SE and 12.2(52)SE1 on Cisco Industrial Ethernet (IE) 3000 series switches has (1) a community name of public for RO access and (2) a community name of private for RW access, which makes it easier for remote attackers to modify the configuration or obtain potentially sensitive information via SNMP requests, aka Bug ID CSCtf25589.
Impact & exploitability
Attack vectorNetwork
Attack complexityLow
Privileges required—
User interaction—
Confidentiality impact—
Integrity impact—
Availability impact—
Exploit probability (EPSS)5%
AV:N/AC:L/Au:N/C:C/I:C/A:C
Affected products we track (1)
Recommendation
Apply the vendor fix promptly. Open any affected product above for its exact safe version.
Additional information
- NVD record
- http://secunia.com/advisories/40407Advisory
- http://www.cisco.com/en/US/products/products_security_advisory09186a0080b3891f.shtmlAdvisory
- http://osvdb.org/66120
- http://securitytracker.com/id?1024173
- http://www.kb.cert.org/vuls/id/732671
- http://www.securityfocus.com/bid/41436
- http://www.vupen.com/english/advisories/2010/1754
- https://exchange.xforce.ibmcloud.com/vulnerabilities/60145