fkie_nvd - fkie_cve-2010-1574

FKIE_CVE-2010-1574

Vulnerability from fkie_nvd - Published: 2010-07-08 18:30 - Updated: 2025-04-11 00:51

Severity ?

Summary

IOS 12.2(52)SE and 12.2(52)SE1 on Cisco Industrial Ethernet (IE) 3000 series switches has (1) a community name of public for RO access and (2) a community name of private for RW access, which makes it easier for remote attackers to modify the configuration or obtain potentially sensitive information via SNMP requests, aka Bug ID CSCtf25589.

References

URL	Tags
psirt@cisco.com	http://osvdb.org/66120
psirt@cisco.com	http://secunia.com/advisories/40407	Vendor Advisory
psirt@cisco.com	http://securitytracker.com/id?1024173
psirt@cisco.com	http://www.cisco.com/en/US/products/products_security_advisory09186a0080b3891f.shtml	Vendor Advisory
psirt@cisco.com	http://www.kb.cert.org/vuls/id/732671	US Government Resource
psirt@cisco.com	http://www.securityfocus.com/bid/41436
psirt@cisco.com	http://www.vupen.com/english/advisories/2010/1754
psirt@cisco.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/60145
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/66120
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/40407	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1024173
af854a3a-2127-422b-91ae-364da2661108	http://www.cisco.com/en/US/products/products_security_advisory09186a0080b3891f.shtml	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/732671	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/41436
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/1754
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/60145

Impacted products

Vendor	Product	Version
cisco	ios	12.2\(52\)se
cisco	ios	12.2\(52\)se1
cisco	industrial_ethernet_3000	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.2\\(52\\)se:*:*:*:*:*:*:*",
              "matchCriteriaId": "5898745E-C1D3-4D0E-8476-2EEAA4327B5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.2\\(52\\)se1:*:*:*:*:*:*:*",
              "matchCriteriaId": "887C5632-F3F7-4EDB-A065-D81F64A9B15C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:industrial_ethernet_3000:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B991E20-4BDF-4B0E-AEAA-C74115F78EB9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IOS 12.2(52)SE and 12.2(52)SE1 on Cisco Industrial Ethernet (IE) 3000 series switches has (1) a community name of public for RO access and (2) a community name of private for RW access, which makes it easier for remote attackers to modify the configuration or obtain potentially sensitive information via SNMP requests, aka Bug ID CSCtf25589."
    },
    {
      "lang": "es",
      "value": "IOS v12.2(52)SE y v12.2(52)SE1 en switches Cisco Industrial Ethernet (IE) 3000 series tiene (1) un nombre de comunidad p\u00fablico con acceso RO y (2) un nombre de comunidad privado de acceso RW, lo que hace m\u00e1s f\u00e1cil para los atacantes remotos modificar la configuraci\u00f3n u obtener informaci\u00f3n sensible a trav\u00e9s de peticiones SNMP, tambi\u00e9n conocido como Bug ID CSCtf25589."
    }
  ],
  "id": "CVE-2010-1574",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-07-08T18:30:00.827",
  "references": [
    {
      "source": "psirt@cisco.com",
      "url": "http://osvdb.org/66120"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/40407"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://securitytracker.com/id?1024173"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b3891f.shtml"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/732671"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securityfocus.com/bid/41436"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.vupen.com/english/advisories/2010/1754"
    },
    {
      "source": "psirt@cisco.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60145"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/66120"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/40407"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1024173"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b3891f.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/732671"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/41436"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2010/1754"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60145"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2010-1574 (GCVE-0-2010-1574)

Vulnerability from cvelistv5 – Published: 2010-07-08 18:00 – Updated: 2024-08-07 01:28

Summary

Severity ?

No CVSS data available.

CWE

Assigner

cisco

References

URL

Tags

	http://secunia.com/advisories/40407	third-party-advisoryx_refsource_SECUNIA
	http://securitytracker.com/id?1024173	vdb-entryx_refsource_SECTRACK
	http://www.cisco.com/en/US/products/products_secu…	vendor-advisoryx_refsource_CISCO
	http://www.kb.cert.org/vuls/id/732671	third-party-advisoryx_refsource_CERT-VN
	http://www.vupen.com/english/advisories/2010/1754	vdb-entryx_refsource_VUPEN
	http://www.securityfocus.com/bid/41436	vdb-entryx_refsource_BID
	http://osvdb.org/66120	vdb-entryx_refsource_OSVDB
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T01:28:42.825Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "40407",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40407"
          },
          {
            "name": "1024173",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1024173"
          },
          {
            "name": "20100707 Hard-Coded SNMP Community Names in Cisco Industrial Ethernet 3000 Series Switches Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b3891f.shtml"
          },
          {
            "name": "VU#732671",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/732671"
          },
          {
            "name": "ADV-2010-1754",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1754"
          },
          {
            "name": "41436",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/41436"
          },
          {
            "name": "66120",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/66120"
          },
          {
            "name": "cisco-industrial-snmp-unauth-access(60145)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60145"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-07-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IOS 12.2(52)SE and 12.2(52)SE1 on Cisco Industrial Ethernet (IE) 3000 series switches has (1) a community name of public for RO access and (2) a community name of private for RW access, which makes it easier for remote attackers to modify the configuration or obtain potentially sensitive information via SNMP requests, aka Bug ID CSCtf25589."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "40407",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40407"
        },
        {
          "name": "1024173",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1024173"
        },
        {
          "name": "20100707 Hard-Coded SNMP Community Names in Cisco Industrial Ethernet 3000 Series Switches Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b3891f.shtml"
        },
        {
          "name": "VU#732671",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/732671"
        },
        {
          "name": "ADV-2010-1754",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1754"
        },
        {
          "name": "41436",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/41436"
        },
        {
          "name": "66120",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/66120"
        },
        {
          "name": "cisco-industrial-snmp-unauth-access(60145)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60145"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2010-1574",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IOS 12.2(52)SE and 12.2(52)SE1 on Cisco Industrial Ethernet (IE) 3000 series switches has (1) a community name of public for RO access and (2) a community name of private for RW access, which makes it easier for remote attackers to modify the configuration or obtain potentially sensitive information via SNMP requests, aka Bug ID CSCtf25589."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "40407",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/40407"
            },
            {
              "name": "1024173",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1024173"
            },
            {
              "name": "20100707 Hard-Coded SNMP Community Names in Cisco Industrial Ethernet 3000 Series Switches Vulnerability",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b3891f.shtml"
            },
            {
              "name": "VU#732671",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/732671"
            },
            {
              "name": "ADV-2010-1754",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/1754"
            },
            {
              "name": "41436",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/41436"
            },
            {
              "name": "66120",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/66120"
            },
            {
              "name": "cisco-industrial-snmp-unauth-access(60145)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60145"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2010-1574",
    "datePublished": "2010-07-08T18:00:00",
    "dateReserved": "2010-04-27T00:00:00",
    "dateUpdated": "2024-08-07T01:28:42.825Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

FKIE_CVE-2010-1574

CVE-2010-1574 (GCVE-0-2010-1574)

Tags

Sightings

Nomenclature