—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

Cisco Security Advisory: Cisco Small Business 220 Series Smart Plus Switches SNMP Unauthorized Access Vulnerability

Advisory ID: cisco-sa-20160831-sps3

Revision 1.0

For Public Release 2016 August 31 16:00 UTC (GMT)

+———————————————————————

Summary
=======

A vulnerability in the implementation of Simple Network Management Protocol (SNMP) functionality in Cisco Small Business 220 Series Smart Plus (Sx220) Switches could allow an unauthenticated, remote attacker to gain unauthorized access to SNMP objects on an affected device.

The vulnerability is due to the presence of a default SNMP community string that is added during device installation and cannot be deleted. An attacker could exploit this vulnerability by using the default SNMP community string to access SNMP objects on an affected device. A successful exploit could allow the attacker to view and modify SNMP objects on a targeted device.

Cisco has released firmware updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-sps3

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1.4.5 (SunOS)

iQIVAwUBV8RIrK89gD3EAJB5AQLthg/9H31fSwIZPl77TIHr22TNxJxUro4RCWic
mN8tfm4DidmQOL8z9KKtWUH+bTuHJG7jN0JMHrON74IGzJabGaH3cGqCnYpePIrg
kgJCSkv9nnjlSGADEpCFg5uQ7dCpSCLbGJDRcQ7fY1Dfbu5WBpdNd2nUJo52+k5F
ZEQxlSrdWqu/ki0NYCUamEg0PeUslwmSUr2FxQqD3qqb/Hqbm7cKNj2bkAn9ahna
J/bJjKIgwj9/l8S6cQZXydgPucH6rhLRGQJ3LrVyvkUbN8zTC7fYslSjvmOe0t/x
bZsgdp6pARZSfdOvoGgnpayPlVSFlS80ourZ5H9Km/mbvDT/4Er+hyPO7so5R0en
5FKUmoTiu3rUrQHdq4lfGO+PZ6QX8f3vWbmRcYPSNFKZEddiNPo3SAXBieLmyD0N
ocDEmpNg0KJWspkHLfkYav/ET4U+f0EfEwcDzYvg8GRDC/AKyh5p2aSGBe0m+rvj
91fq4Xoh3LDSc7Fb50k3Ky34ghZ9rbBIAWkQFRrF206cEjukL4BDcBB9bBlf70A2
uvbK8mx+jxEYm6uBmcI1swsAy0B/UwvBhkI1bmn7qoNwjg9uYev1k4+8qD8hsbg/
QJBOWROIB+EccA3/aO7vXeBuP4XrPY8Ud5w05FG4RrWYWikMf/4TP84vXV0lZ14D
Wt5Q3gIkvJ4=
=Jk1q
—–END PGP SIGNATURE—–
_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com