CVE-2016-1452
medium
CVSS v3: 6.5
CVSS v2: 6.4
VIR risk: 6.5
Description
Cisco ASR 5000 devices with software 18.3 through 20.0.0 allow remote attackers to make configuration changes over SNMP by leveraging knowledge of the read-write community, aka Bug ID CSCuz29526.
Predictions
Exploit likelihood: 75%
Patch ETA: —
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: psirt@cisco.com — http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160713-asr
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| cisco | asr_5000_software | 18.3.0 | |
| cisco | asr_5000_software | 18.3_base | |
| cisco | asr_5000_software | 19.0.1 | |
| cisco | asr_5000_software | 19.0.m0.60737 | |
| cisco | asr_5000_software | 19.0.m0.60828 | |
| cisco | asr_5000_software | 19.0.m0.61045 | |
| cisco | asr_5000_software | 19.1.0 | |
| cisco | asr_5000_software | 19.1.0.61559 | |
| cisco | asr_5000_software | 19.2.0 | |
| cisco | asr_5000_software | 19.3.0 | |
| cisco | asr_5000_software | 20.0.0 | |
References
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160713-asr
- http://www.securityfocus.com/bid/91756
- http://www.securitytracker.com/id/1036298
CWEs
CWE-200 CWE-254