CVE-2010-1574

high

Description

IOS 12.2(52)SE and 12.2(52)SE1 on Cisco Industrial Ethernet (IE) 3000 series switches has (1) a community name of public for RO access and (2) a community name of private for RW access, which makes it easier for remote attackers to modify the configuration or obtain potentially sensitive information via SNMP requests, aka Bug ID CSCtf25589.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/60145

http://www.vupen.com/english/advisories/2010/1754

http://www.securityfocus.com/bid/41436

http://www.kb.cert.org/vuls/id/732671

http://www.cisco.com/en/US/products/products_security_advisory09186a0080b3891f.shtml

http://securitytracker.com/id?1024173

http://secunia.com/advisories/40407

http://osvdb.org/66120

Details

Source: Mitre, NVD

Published: 2010-07-08

Updated: 2017-08-17

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High