Cisco Sx220 Hardcoded SNMP Community String Vulnerability (CVE-2016-1473)

Key Information Summary Vulnerability Overview Vulnerability Type: Implementation flaw in the Simple Network Management Protocol (SNMP) feature in Cisco Small Business 220 Series Smart Plus (Sx220) switches. Severity Level: Critical Technical Details Vulnerability Identifiers: - Cisco Security Advisory ID: 烂 - CVE: - CWE: - Cisco Bug ID: CVSS Scores: - Base Score: 10.0 - Temporal Score: 8.3 Root Cause: A hardcoded default SNMP community string is embedded during device installation and cannot be removed. This allows attackers to gain unauthorized remote access to affected devices using the default string. Affected Products Affected Products: Cisco Small Business 220 Series Smart Plus (Sx220) switches running firmware versions 1.0.0.17, 1.0.0.18, or 1.0.0.19 with SNMP enabled. Unaffected Products: No other Cisco products are currently known to be affected by this vulnerability. Mitigation and Patch Mitigation Strategy: There are no workarounds. Patch Information: Cisco has released firmware updates to fix this vulnerability. Affected users are advised to upgrade to firmware version 1.0.1.1 or later. Disclosure and Discovery Public Exploitation: Cisco’s Product Security Incident Response Team (PSIRT) has not observed any public malicious exploitation of this vulnerability. Reporters: Nicolas Collignon and Renaud Dubourgua. Additional Links Full Advisory Page: Cisco 220 Series Smart Plus Hard Coded SNMP Community String

Goal Reached Thanks to every supporter — we hit 100%!

Cisco Sx220 Hardcoded SNMP Community String Vulnerability (CVE-2016-1473)