Tagged: snmp

VU#507216: Hirschmann "Classic Platform" switches reveal administrator password in SNMP community string by default

Vulnerability Note VU#507216
Original Release date: 16 Feb 2016 | Last revised: 16 Feb 2016

Overview: Hirschmann “Classic Platform” switches contain a password sync feature that syncs the switch administrator password with the SNMP community password, exposing the administrator password to attackers on the local network.

Description: CWE-257: Storing Passwords in a Recoverable Format. For all Hirschmann (part of Belden) “Classic Platform” switches (which includes the MACH series workgroup switches, among others), by default, the switch administrator password is used to construct an SNMP community string that allows remote management of some switch configuration

Spoofed SNMP Messages: Mercy Killings of Vulnerable Networks or Troll?, (Mon, Sep 15th)

2nd Update: All the packet captures we received so far show the same behavior. The scans are sequential, so it is fair to assume that this is an internet-wide scan. We have yet to find a vulnerable system, and I don’t think that vulnerable configurations are very common, but please let me know if you know of widely used systems that allow for these SNMP commands.

VU#855836: Arris Touchstone cable modem information leakage vulnerability

Vulnerability Note VU#855836
Original Release date: 04 Sep 2014 | Last revised: 04 Sep 2014

Overview: Arris Touchstone DG950A cable modem enables SNMP public access by default.

Description: CWE-200 – Information Exposure. The Arris Touchstone DG950A cable modem running software version 7.10.131 was found to expose sensitive information such as passwords, SSIDs, and wifi keys via the SNMP public community string. Other versions may also be affected by this vulnerability

VU#259548: Netmaster cable modem information leakage vulnerability

Vulnerability Note VU#259548
Original Release date: 04 Sep 2014 | Last revised: 04 Sep 2014

Overview: The Netmaster CBW700N wireless cable modem enables remote SNMP public access by default.

Description: CWE-200 – Information Exposure. The Netmaster CBW700N wireless cable modem running software version 81.447.392110.729.024 was found to expose sensitive information such as username, password, and wifi keys via the SNMP public community string.

Impact: A remote unauthenticated attacker may be able to retrieve the username, password, and other sensitive information about the device.

VU#179732: Cobham thraneLINK improper verification of firmware updates vulnerability

Vulnerability Note VU#179732
Original Release date: 07 Aug 2014 | Last revised: 07 Aug 2014

Overview: Cobham’s thraneLINK protocol does not verify cryptographic signatures for firmware updates before installing them. This may allow an attacker to deploy a malicious firmware update to the device

Using nmap to scan for DDOS reflectors, (Mon, Jun 2nd)

Before we get into this, here is the standard disclaimer. Do not scan any devices that you do not have explicit permission to scan. If you do not own the devices, I strongly recommend you get that permission in writing. Also, port scanning may cause instability or failure of some devices and/or applications. Just ask anyone who lost ILOs to Heartbleed. So be careful!

As we have seen in past diaries about reflective DDOS attacks, they are certainly the flavor of the day. US-CERT claims there are several UDP-based protocols that are potential attack vectors. In my experience, the most prevalent ones are DNS, NTP, SNMP, and CharGEN. Assuming you have permission, is there an easy way to do good data gathering for these ports on your network? Yes, as a matter of fact, it can be done in one simple nmap command.