Описание
The Network Analysis Module (NAM) in Cisco Catalyst Series 6000, 6500, and 7600 allows remote attackers to execute arbitrary commands via certain SNMP packets that are spoofed from the NAM's own IP address.
Комментарий
Per: http://www.cisco.com/warp/public/707/cisco-sa-20070228-nam.shtml#@ID
"Only Cisco Catalyst systems that have a NAM on them are affected. This vulnerability affects systems that run Internetwork Operating System (IOS) or Catalyst Operating System (CatOS). "
Ссылки
- Vendor Advisory
- Vendor Advisory
- US Government Resource
- Vendor Advisory
- Vendor Advisory
- US Government Resource
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:h:cisco:network_analysis_module:*:*:*:*:*:*:*:*
Конфигурация 2
Одно из
cpe:2.3:h:cisco:catalyst_6000_ws-svc-nam-1:2.2\(1a\):*:*:*:*:*:*:*
cpe:2.3:h:cisco:catalyst_6000_ws-svc-nam-2:2.2\(1a\):*:*:*:*:*:*:*
cpe:2.3:h:cisco:catalyst_6000_ws-x6380-nam:3.1\(1a\):*:*:*:*:*:*:*
cpe:2.3:h:cisco:catalyst_6500_ws-svc-nam-1:2.2\(1a\):*:*:*:*:*:*:*
cpe:2.3:h:cisco:catalyst_6500_ws-svc-nam-2:2.2\(1a\):*:*:*:*:*:*:*
cpe:2.3:h:cisco:catalyst_6500_ws-x6380-nam:3.1\(1a\):*:*:*:*:*:*:*
cpe:2.3:h:cisco:catalyst_7600_ws-svc-nam-1:2.2\(1a\):*:*:*:*:*:*:*
cpe:2.3:h:cisco:catalyst_7600_ws-svc-nam-2:2.2\(1a\):*:*:*:*:*:*:*
cpe:2.3:h:cisco:catalyst_7600_ws-x6380-nam:3.1\(1a\):*:*:*:*:*:*:*
EPSS
Процентиль: 86%
0.03113
Низкий
10 Critical
CVSS2
Дефекты
CWE-20
Связанные уязвимости
github
почти 4 года назад
The Network Analysis Module (NAM) in Cisco Catalyst Series 6000, 6500, and 7600 allows remote attackers to execute arbitrary commands via certain SNMP packets that are spoofed from the NAM's own IP address.
EPSS
Процентиль: 86%
0.03113
Низкий
10 Critical
CVSS2
Дефекты
CWE-20