CVE-2008-3807

Published Sep 26, 2008

Last updated 2 years ago

Overview

Description: Cisco IOS 12.2 and 12.3 on Cisco uBR10012 series devices, when linecard redundancy is configured, enables a read/write SNMP service with "private" as the community, which allows remote attackers to obtain administrative access by guessing this community and sending SNMP requests.
Source: ykramarz@cisco.com
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 9.3
Impact score: 10
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:ios:12.2bc:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A3EF2531-3E6B-4FDC-B96B-2BC3F8EAF39A"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios:12.2cx:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F4BA2D6E-FD22-4BFD-B8B4-D6542E173C72"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios:12.2cy:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "78B9E2C6-0E23-4AC9-906F-28BBC15868DB"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios:12.2xf:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FCC88CC5-CF58-48A3-AFB6-FD38E5F40845"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios:12.3bc:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "40183EF8-BD19-49AD-9E55-7FCCA635327F"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References