Details of VAR-200102-0117

ID

VAR-200102-0117

CVE

CVE-2004-1776

TITLE

Cisco IOS/X12-X15 has default SNMP read/write string of "cable-docsis"

Trust: 0.8

sources: CERT/CC: VU#840665

DESCRIPTION

Cisco IOS 12.1(3) and 12.1(3)T allows remote attackers to read and modify device configuration data via the cable-docsis read-write community string used by the Data Over Cable Service Interface Specification (DOCSIS) standard. There is a vulnerability that permits unauthorized access to several switch and router products manufactured by Cisco Systems. An attacker who gains access to an affected device can read and modify its configuration, creating a denial-of-service condition, an information leak, or both. IOS is prone to a remote security vulnerability. Cisco IOS 12.1(3) and 12.1(3)T vulnerabilities

Trust: 1.98

sources: NVD: CVE-2004-1776 // CERT/CC: VU#840665 // BID: 90461 // VULHUB: VHN-10206

AFFECTED PRODUCTS

vendor:	cisco	model:	ios	scope:	eq	version:	12.1\(3\)	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	12.1\(3\)t	Trust: 1.6
vendor:	cisco	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ios 12.1 t	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios	scope:	eq	version:	12.1(3)	Trust: 0.3

sources: CERT/CC: VU#840665 // BID: 90461 // CNNVD: CNNVD-200102-117 // NVD: CVE-2004-1776

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2004-1776
value:	HIGH
Trust: 1.0
CARNEGIE MELLON:	VU#840665
value:	54.68
Trust: 0.8
CNNVD:	CNNVD-200102-117
value:	HIGH
Trust: 0.6
VULHUB:	VHN-10206
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2004-1776
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-10206
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#840665 // VULHUB: VHN-10206 // CNNVD: CNNVD-200102-117 // NVD: CVE-2004-1776

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2004-1776

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200102-117

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200102-117

EXTERNAL IDS

db:	CERT/CC	id:	VU#840665	Trust: 2.8
db:	NVD	id:	CVE-2004-1776	Trust: 2.0
db:	XF	id:	6180	Trust: 0.9
db:	CNNVD	id:	CNNVD-200102-117	Trust: 0.7
db:	CISCO	id:	20041008 CISCO IOS SOFTWARE MULTIPLE SNMP COMMUNITY STRING VULNERABILITIES	Trust: 0.6
db:	BID	id:	90461	Trust: 0.4
db:	VULHUB	id:	VHN-10206	Trust: 0.1

sources: CERT/CC: VU#840665 // VULHUB: VHN-10206 // BID: 90461 // CNNVD: CNNVD-200102-117 // NVD: CVE-2004-1776

REFERENCES

url:	http://www.kb.cert.org/vuls/id/840665	Trust: 2.0
url:	http://www.cisco.com/warp/public/707/ios-snmp-community-vulns-pub.shtml	Trust: 2.0
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/6180	Trust: 1.1
url:	http://xforce.iss.net/xforce/xfdb/6180	Trust: 0.9
url:	about vulnerability notes	Trust: 0.8
url:	contact us about this vulnerability	Trust: 0.8
url:	provide a vendor statement	Trust: 0.8

sources: CERT/CC: VU#840665 // VULHUB: VHN-10206 // BID: 90461 // CNNVD: CNNVD-200102-117 // NVD: CVE-2004-1776

CREDITS

Unknown

Trust: 0.3

sources: BID: 90461

SOURCES

db:	CERT/CC	id:	VU#840665
db:	VULHUB	id:	VHN-10206
db:	BID	id:	90461
db:	CNNVD	id:	CNNVD-200102-117
db:	NVD	id:	CVE-2004-1776

LAST UPDATE DATE

2024-08-14T14:09:12.147000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#840665	date:	2002-03-05T00:00:00
db:	VULHUB	id:	VHN-10206	date:	2017-07-11T00:00:00
db:	BID	id:	90461	date:	2001-02-28T00:00:00
db:	CNNVD	id:	CNNVD-200102-117	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2004-1776	date:	2017-07-11T01:31:20.730

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#840665	date:	2001-05-01T00:00:00
db:	VULHUB	id:	VHN-10206	date:	2001-02-28T00:00:00
db:	BID	id:	90461	date:	2001-02-28T00:00:00
db:	CNNVD	id:	CNNVD-200102-117	date:	2001-02-28T00:00:00
db:	NVD	id:	CVE-2004-1776	date:	2001-02-28T05:00:00