Reported February 28, 2001, by Cisco Systems.
All Cisco products using the Internetwork Operating System (IOS), including (but not limited to):
- 800, 1000, 1005, 1400, 1600, 1700, 2500, 2600, 3600, MC3810, 4000, 4500, 4700, 6200, 6400 NRP, and 6400 NSP series Cisco routers
- ubr900 and ubr920 universal broadband routers
- Catalyst 2900 ATM, 2900XL, 2948g, 3500XL, 4232, 4840g, and 5000 RSFC series switches
- 5200, 5300, and 5800 series access servers
- Catalyst 6000 MSM, 6000 Hybrid Mode, 6000 Native Mode, 6000 Supervisor Module, and Catalyst ATM Blade
- RSM, 7000, 7010, 7100, 7200, ubr7200, 7500, 10000 ESR, and 12000 GSR series Cisco routers
- Catalyst 8510CSR, 8510MSR, 8540CSR, and 8540MSR series switches
A vulnerability exists in the Cisco IOS implementation of SNMP that allows access to configuration information on affected devices. By knowing the read-only SNMP community string, an intruder can gain access to configuration information on a read-only basis. By knowing the SNMP read-write community string, an intruder can make unauthorized configuration modifications.
Cisco has issued two notices regarding this vulnerability:
Customers can obtain a firmware upgrade through Cisco distribution channels.
Discovered by Cisco Systems.