From: SecuriTeam <support@securiteam.com.>
To: [email protected]
Date: 3 Feb 2005 11:05:19 +0200
Subject: [NEWS] Default SNMP Community Strings in Cisco IP/VC Products
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <20050203094757.1386C57E8@mail.tyumen.ru.>
X-Virus-Scanned: antivirus-gw at tyumen.ru
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
Default SNMP Community Strings in Cisco IP/VC Products
------------------------------------------------------------------------
SUMMARY
Hard-coded Simple Network Management Protocol (SNMP) community strings are
present in Cisco IP/VC Videoconferencing System models 3510, 3520, 3525
and 3530. Any user who has access to the vulnerable devices and knows the
community strings, can obtain total control of the device.
Cisco strongly recommends that all users deploy the mitigation measures
outlined in the Workaround section.
DETAILS
Affected Products:
Vulnerable Products
The following products are known to be vulnerable:
* Cisco IPVC-3510-MCU
* Cisco IPVC-3520-GW-2B
* Cisco IPVC-3520-GW-4B
* Cisco IPVC-3520-GW-2V
* Cisco IPVC-3520-GW-4V
* Cisco IPVC-3520-GW-2B2V
* Cisco IPVC-3525-GW-1P
* Cisco IPVC-3530-VTA
Products Confirmed Not Vulnerable
The following products are known not to be vulnerable:
* Cisco IPVC-3511-MCU
* Cisco IPVC-3511-MCU-E
* Cisco IPVC-3521-GW-4B
* Cisco IPVC-3526-GW-1P
* Cisco IPVC-3540-EMP
* Cisco IPVC-3540-EMP3
* Cisco IPVC-3540-MCU03A
* Cisco IPVC-3540-MCU06A
* Cisco IPVC-3540-MCU10A
* Cisco IPVC-3540-GW2P
* Cisco IPVC-3540-GW4S
No other Cisco products are currently known to be affected by this
vulnerability. In particular, video-enabled Cisco IP video telephones are
not affected.
Details
Affected products contain hard-coded SNMP community strings. SNMP is used
for managing and monitoring an IP/VC device and community strings are the
equivalent to a password. All models listed as affected are vulnerable
regardless of the software release they are running.
Impact
A user with knowledge of the community strings can gain full control of
the device. Such user can, among other things, create new services,
terminate or affect existing sessions, and redirect traffic to a different
destination.
Software Versions and Fixes
Cisco will not provide fixed software for this vulnerability. Customers
are strongly advised to deploy the mitigation measures described in the
Workaround section.
Workarounds
The only mitigation for this vulnerability is to disable SNMP traffic at
the switch port that is connected to the affected device. If that cannot
be done, the SNMP traffic to the IP/VC device should be blocked at the
nearest possible point. In order for the mitigation to be successful all
possible paths to the device must be protected. This can be done by
blocking traffic on UDP (User Datagram Protocol) ports 161 and 162. Port
161 is used for inbound/outbound read/write SNMP access and port 162 is
used for outbound traffic for SNMP traps. Blocking these ports disables
all configuration and traps to/from the device. Access to ports 161 and
162 from the trusted hosts should be temporarily enabled and the IPVC
Configuration Utility used when configuration changes are required on the
affected IP/VC device.
The effectiveness of any workaround is dependent on specific customer
situations such as product mix, network topology, traffic behavior, and
organizational mission. Due to the variety of affected products and
releases, customers should consult with their service provider or support
organization to ensure any applied workaround is the most appropriate for
use in the intended network before it is deployed.
ADDITIONAL INFORMATION
The information has been provided by <mailto:psirt@cisco.com.> Cisco
Systems Product Security Incident Response Team.
The original article can be found at:
<http://www.cisco.com/warp/public/707/cisco-sa-20050202-ipvc.shtml>;
http://www.cisco.com/warp/public/707/cisco-sa-20050202-ipvc.shtml
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: [email protected]
In order to subscribe to the mailing list, simply forward this email to: [email protected]
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
