Vulnerability Details CVE-2016-1473
Cisco Small Business 220 devices with firmware before 1.0.1.1 have a hardcoded SNMP community, which allows remote attackers to read or modify SNMP objects by leveraging knowledge of this community, aka Bug ID CSCuz76216.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.031
EPSS Ranking 86.3%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
References
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-sps3
- http://www.securityfocus.com/bid/92710
- http://www.securitytracker.com/id/1036711
- http://www.synacktiv.com/ressources/advisories_cisco_switch_sg220_default_snmp.pdf
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-sps3
- http://www.securityfocus.com/bid/92710
- http://www.securitytracker.com/id/1036711
- http://www.synacktiv.com/ressources/advisories_cisco_switch_sg220_default_snmp.pdf
Products affected by CVE-2016-1473
-
cpe:2.3:a:cisco:small_business_220_series_smart_plus_switches:1.0.0.17
-
cpe:2.3:a:cisco:small_business_220_series_smart_plus_switches:1.0.0.18
-
cpe:2.3:a:cisco:small_business_220_series_smart_plus_switches:1.0.0.19