Vulnerability Details : CVE-2010-1574
IOS 12.2(52)SE and 12.2(52)SE1 on Cisco Industrial Ethernet (IE) 3000 series switches has (1) a community name of public for RO access and (2) a community name of private for RW access, which makes it easier for remote attackers to modify the configuration or obtain potentially sensitive information via SNMP requests, aka Bug ID CSCtf25589.
Exploit prediction scoring system (EPSS) score for CVE-2010-1574
Probability of exploitation activity in the next 30 days: 1.51%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 85 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2010-1574
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
CWE ids for CVE-2010-1574
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-1574
-
http://www.kb.cert.org/vuls/id/732671
VU#732671 - Cisco Industrial Ethernet 3000 Series switches have hardcoded SNMP community stringsUS Government Resource
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/60145
Cisco Industrial Ethernet SNMP unauthorized access CVE-2010-1574 Vulnerability Report
-
http://securitytracker.com/id?1024173
Cisco Industrial Ethernet 3000 Series Switch Default SNMP Credentials Let Remote Users Access the Device - SecurityTracker
-
http://www.securityfocus.com/bid/41436
Cisco Industrial Ethernet 3000 Series Switches Hardcoded SNMP Community Names Security Vulnerability
-
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b3891f.shtml
Hard-Coded SNMP Community Names in Cisco Industrial Ethernet 3000 Series Switches Vulnerability - CiscoVendor Advisory
-
http://www.vupen.com/english/advisories/2010/1754
Webmail | OVH- OVH
Products affected by CVE-2010-1574
- cpe:2.3:o:cisco:ios:12.2\(52\)se:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios:12.2\(52\)se1:*:*:*:*:*:*:*
- cpe:2.3:h:cisco:industrial_ethernet_3000:*:*:*:*:*:*:*:*