CVE-2001-1210

Current Description

Cisco ubr900 series routers that conform to the Data-over-Cable Service Interface Specifications (DOCSIS) standard must ship without SNMP access restrictions, which can allow remote attackers to read and write information to the MIB using arbitrary community strings.

Basic Data

PublishedDecember 30, 2001
Last ModifiedSeptember 10, 2008
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeNVD-CWE-Other
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:L/Au:N/C:P/I:P/A:N
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactPARTIAL
CVSS 2 - Availability ImpactNONE
CVSS 2 - Base Score6.4
SeverityMEDIUM
Exploitability Score10.0
Impact Score4.9
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3HardwareCiscoUbr920********
    2.3HardwareCiscoUbr924********
    2.3HardwareCiscoUbr925********

Vulnerable Software List

VendorProductVersions
Cisco Ubr920 *
Cisco Ubr924 *
Cisco Ubr925 *

References

NameSourceURLTags
20011230 Possible security problem with Cisco ubr900 series routershttp://archives.neohapsis.com/archives/bugtraq/2001-12/0297.htmlBUGTRAQ
20020103 Security Problem in Cisco ubr900 Series Routershttp://archives.neohapsis.com/archives/vulnwatch/2002-q1/0002.htmlVULNWATCH
cisco-docsis-default-strings(7806)http://www.iss.net/security_center/static/7806.phpXFVendor Advisory
3758http://www.securityfocus.com/bid/3758BID