Cisco Security sent out an advisory today warning that multiple Cisco products contain one of two authentication vulnerabilities in the 
Simple Network Management Protocol version 3 (SNMPv3) feature. The holes can be exploited when processing a malicious SNMPv3 message and could allow the attacker to obtain network information or even perform configuration changes to vulnerable devices. The good news is that SNMP server is an optional service that is disabled by default in Cisco products, Cisco says, plus only SNMPv3 is impacted. Workarounds are already available. US-CERT has also assigned a Vulnerability Note VU#878044 to these vulnerabilities, Cisco reports.
If you would like more guidance in decrypting Cisco's Common Vulnerability Scoring System (CVSS), check out a blog post by Micheal Morris that deciphers the somewhat cryptic, but still useful, system.
Go to Cisco Subnet for more Cisco news, blogs, discussion forums, security alerts, book giveaways, and more.
More from Cisco Subnet:
Multiple vulnerabilities fixed in PIX and Cisco
ASACisco acquires DiviTech A/S
iPhone to include Cisco VPN
The Weather Channel goes HD with Cisco
Free books, training, gift certificates -- giveaways for June from Cisco Subnet
The Cisco Subnet blog is the official blog of the Network World Cisco Subnet community, managed by Editor Linda Leung. Cisco Subnet is the independent voice of Cisco customers and is your gateway to daily Cisco news, blogs, opinion, books, prize giveaways and more. Visit the Cisco Subnet home page daily and while you are there, subscribe to the Cisco Alert e-mail newsletter, which includes news and views generated by the Cisco Subnet community as well as Cisco-related stories on Network World and elsewhere on the Web.
(WAN community)The opinions expressed in this Weblog are those of the writer and may not represent the opinions of Network World.
|
|
Post new comment