ID: 3642
Date: 11/06/2008
Title: 3642 - Cisco Security Advisory: SNMP Version 3 AuthenticationVulnerabilities
Platform level affected:Operating System
Hardware components affected:Network Router/Switch/Modem
Specific operating systems components affected: Cisco IOS
Net-enabled software: Other
Security software:Other
Other software: Other
Remediation Summary:Update your copy of the software with the download available from the supplier.
Vendors affected:Cisco
Applications affected:SNMP Version 3
Adversity source: Unknown
Attack Vector: Vulnerability exploitation
Virulence: Unknown
Warning Status: Active
Potential Damage: Remote execution/modification
Possible Duration: Open Ended
Availability of fix: Available
Type of fix: Patch
Source: Cisico
Reliability of source: Trusted
Source URL: www.cisco.com
CVE: CVE-2008-0960
Abstract: Multiple Cisco products contain either of two authentication vulnerabilities in the Simple Network Management Protocol version 3 SNMPv3) feature. These vulnerabilities can be exploited when processing a malformed SNMPv3 message.
Cisco Security Advisory: SNMP Version 3 Authentication
Vulnerabilities
Document ID: 107408
Advisory ID: cisco-sa-20080610-snmpv3
http://www.cisco.com/warp/public/707/cisco-sa-20080610-snmpv3.shtml
Revision 1.0
For Public Release 2008 June 10 1600 UTC (GMT)
---------------------------------------------------------------------
Summary
=======
Multiple Cisco products contain either of two authentication
vulnerabilities in the Simple Network Management Protocol version 3
(SNMPv3) feature. These vulnerabilities can be exploited when
processing a malformed SNMPv3 message. These vulnerabilities could
allow the disclosure of network information or may enable an attacker
to perform configuration changes to vulnerable devices. The SNMP
server is an optional service that is disabled by default in Cisco
products. Only SNMPv3 is impacted by these vulnerabilities.
Workarounds are available for mitigating the impact of the
vulnerabilities described in this document.
The United States Computer Emergency Response Team (US-CERT) has
assigned Vulnerability Note VU#878044 leavingcisco.com to these
vulnerabilities.
Common Vulnerabilities and Exposures (CVE) identifier CVE-2008-0960
leavingcisco.com has also been assigned to these vulnerabilities.
This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20080610-snmpv3.shtml
This advisory contains information released by the original author. Some of the information may have changed since it was released. If the issue affects you, it may be prudent to retrieve the advisory from the site of the original source to ensure that you receive the most current information concerning that problem. Reference to any specific commercial product, process, or service by trade name, trademark manufacturer, or otherwise, does not constitute or imply its endorsement, recommendation, or favouring by CPNI.
The views and opinions of authors expressed within this notice shall not be used for advertising or product endorsement purposes. CPNI shall not accept responsibility for any errors or omissions contained within this advisory. In particular, they shall not be liable for any loss or damage whatsoever, arising from or in connection with the usage of information contained within this advisory.
CSIRTUK is a member of the Forum of Incident Response and Security Teams (FIRST) and has contacts with other international Incident Response Teams (IRTs) in order to foster cooperation and coordination in incident prevention, to prompt rapid reaction to incidents, and to promote information sharing amongst its members and the community at large.
Wed, 11 Jun 2008 10:00:00 GMT
Domain affected: Technical