CVE-2016-2509

The password-sync feature on Belden Hirschmann Classic Platform switches L2B before 05.3.07 and L2E, L2P, L3E, and L3P before 09.0.06 sets an SNMP community to the same string as the administrator password, which allows remote attackers to obtain sensitive information by sniffing the network.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:belden:hirschmann_firmware:05.3.06:*:*:*:*:*:*:*
cpe:2.3:h:belden:hirschmann_l2b:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:belden:hirschmann_firmware:*:*:*:*:*:*:*:*
OR cpe:2.3:h:belden:hirschmann_l3p:-:*:*:*:*:*:*:*
cpe:2.3:h:belden:hirschmann_l3e:-:*:*:*:*:*:*:*
cpe:2.3:h:belden:hirschmann_l2p:-:*:*:*:*:*:*:*
cpe:2.3:h:belden:hirschmann_l2e:-:*:*:*:*:*:*:*

Information

Published : 2016-02-18 14:59

Updated : 2016-03-22 17:54


NVD link : CVE-2016-2509

Mitre link : CVE-2016-2509


JSON object : View

CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

Advertisement

dedicated server usa

Products Affected

belden

  • hirschmann_firmware
  • hirschmann_l2e
  • hirschmann_l2p
  • hirschmann_l3e
  • hirschmann_l3p
  • hirschmann_l2b