Details of VAR-200505-0026

ID

VAR-200505-0026

CVE

CVE-2005-0612

TITLE

Cisco IP/VC Default SNMP Public string vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200505-094

DESCRIPTION

Cisco IP/VC Videoconferencing System 3510, 3520, 3525 and 3530 contain hard-coded default SNMP community strings, which allows remote attackers to gain access, cause a denial of service, and modify configuration. A default community string vulnerability affects Cisco IP/VC Videoconferencing System devices. This issue is due to a design flaw where hard-coded community strings are stored on the device. This issue may be leveraged to gain unauthorized administrator access to affected devices. This would allow an attacker to create new services, terminate or affect existing sessions, and redirect traffic to a different destination, among other attacks

Trust: 1.26

sources: NVD: CVE-2005-0612 // BID: 12424 // VULHUB: VHN-11821

AFFECTED PRODUCTS

vendor:	cisco	model:	ipvc-3525-gw-1p	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	ipvc-3520-gw-2b2v	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	ipvc-3510-mcu	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	ipvc-3520-gw-2v	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	ipvc-3520-gw-4v	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	ipvc-3530-vta	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	ipvc-3520-gw-2b	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	ipvc-3510-mcu	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ipvc-3520-gw-2b	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ipvc-3520-gw-2b2v	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ipvc-3525-gw-1p	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ipvc-3520-gw-2v	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ipvc-3520-gw-4v	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ipvc-3530-vta	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ipvc 3530-vta	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ipvc 3525-gw-1p	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ipvc 3520-gw-4v	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ipvc 3520-gw-4b	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ipvc 3520-gw-2v	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ipvc 3520-gw-2b2v	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ipvc 3520-gw-2b	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ipvc 3510-mcu	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ipvc 3540-xam06	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ipvc 3540-xam03	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ipvc 3540-xag	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ipvc 3540-rm	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ipvc 3540-mcu10a	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ipvc 3540-mcu06a	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ipvc 3540-mcu03a	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ipvc 3540-gw4s	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ipvc 3540-gw2p	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ipvc 3540-emp3	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ipvc 3540-emp	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ipvc 3526-gw-1p	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ipvc 3521-gw-4b	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ipvc 3511-mcu-e	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ipvc 3511-mcu	scope:	ne	version:	-	Trust: 0.3

sources: BID: 12424 // CNNVD: CNNVD-200505-094 // NVD: CVE-2005-0612

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2005-0612
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-200505-094
value:	HIGH
Trust: 0.6
VULHUB:	VHN-11821
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2005-0612
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-11821
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-11821 // CNNVD: CNNVD-200505-094 // NVD: CVE-2005-0612

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2005-0612

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200505-094

TYPE

Design Error

Trust: 0.9

sources: BID: 12424 // CNNVD: CNNVD-200505-094

EXTERNAL IDS

db:	BID	id:	12424	Trust: 2.0
db:	SECUNIA	id:	14122	Trust: 1.7
db:	SECTRACK	id:	1013067	Trust: 1.7
db:	NVD	id:	CVE-2005-0612	Trust: 1.7
db:	CNNVD	id:	CNNVD-200505-094	Trust: 0.7
db:	CISCO	id:	20050202 DEFAULT SNMP COMMUNITY STRINGS IN CISCO IP/VC PRODUCTS	Trust: 0.6
db:	VULHUB	id:	VHN-11821	Trust: 0.1

sources: VULHUB: VHN-11821 // BID: 12424 // CNNVD: CNNVD-200505-094 // NVD: CVE-2005-0612

REFERENCES

url:	http://www.securityfocus.com/bid/12424	Trust: 1.7
url:	http://www.cisco.com/public/technotes/cisco-sa-20050202-ipvc.shtml	Trust: 1.7
url:	http://securitytracker.com/id?1013067	Trust: 1.7
url:	http://secunia.com/advisories/14122	Trust: 1.7
url:	http://www.cisco.com/warp/public/cc/pd/mxsv/ipvc3500/index.shtml	Trust: 0.3
url:	http://www.cisco.com/en/us/products/products_security_advisory09186a00803ca37f.shtml	Trust: 0.3

sources: VULHUB: VHN-11821 // BID: 12424 // CNNVD: CNNVD-200505-094 // NVD: CVE-2005-0612

CREDITS

Cisco PSIRT psirt@cisco.com

Trust: 0.6

sources: CNNVD: CNNVD-200505-094

SOURCES

db:	VULHUB	id:	VHN-11821
db:	BID	id:	12424
db:	CNNVD	id:	CNNVD-200505-094
db:	NVD	id:	CVE-2005-0612

LAST UPDATE DATE

2024-08-14T14:22:59.119000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-11821	date:	2008-09-05T00:00:00
db:	BID	id:	12424	date:	2005-02-02T00:00:00
db:	CNNVD	id:	CNNVD-200505-094	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2005-0612	date:	2008-09-05T20:46:48.397

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-11821	date:	2005-05-02T00:00:00
db:	BID	id:	12424	date:	2005-02-02T00:00:00
db:	CNNVD	id:	CNNVD-200505-094	date:	2005-02-02T00:00:00
db:	NVD	id:	CVE-2005-0612	date:	2005-05-02T04:00:00