Cisco Security Advisory for Industrial Ethernet 3000 Series Switches
Number: AV10-022
Date: 14 July 2010
Purpose
The purpose of this advisory is to bring attention to a vulnerability in Cisco Industrial Ethernet 3000 Series switches.
Assessment
Cisco Industrial Ethernet 3000 Series switches running Cisco IOS releases 12.2(52)SE or 12.2(52)SE1 are vulnerable to compromise because they contain hard-coded SNMP community names. The hard-coded names are "public" and "private". These names make it easier for remote attackers to modify the switch configuration or obtain potentially sensitive information via SNMP.
Affected software:
The vulnerability is reported for Cisco Industrial Ethernet 3000 Series switches running Cisco IOS releases 12.2(52)SE or 12.2(52)SE1.
Suggested action
Cisco has released a fix to address this vulnerability. CCIRC recommends that organizations liaise with the administrators/maintainers of the network service to identify affected products and assess the need to apply the appropriate updates and/or workarounds.
Cisco IOS release 12.2(55)SE addresses this vulnerability.
Workarounds are also available on the Cisco advisory page:
http://www.cisco.com/warp/public/707/cisco-sa-20100707-snmp.shtml#workarounds
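To help identify affected products, the following added example (not part of the CCIRC or Cisco advisory) classifies devices offline from saved "show version" and configuration text, using the releases and community names listed above. The capture layout, hostnames and the triage function are assumptions made for illustration, and the sample captures are constructed.

```python
import re

# Values taken from the advisory text.
AFFECTED_RELEASES = {"12.2(52)SE", "12.2(52)SE1"}
FIXED_RELEASE = "12.2(55)SE"
HARDCODED_COMMUNITIES = {"public", "private"}

# Assumptions: the release and model appear in saved `show version` text, and
# communities appear as `snmp-server community <name> ...` lines in the config.
RELEASE_RE = re.compile(r"\bVersion\s+(\d+\.\d+\([0-9a-z]+\)[A-Za-z0-9]*)")
MODEL_RE = re.compile(r"\b(IE-3000-[A-Z0-9-]+)")
COMMUNITY_RE = re.compile(r"^snmp-server community (\S+)", re.MULTILINE)

# Constructed, abbreviated captures; not output from real devices.
SAMPLES = {
    "ie3k-line1": ("Cisco IOS Software, Version 12.2(52)SE1, RELEASE SOFTWARE\n"
                   "Model number : IE-3000-8TC\n",
                   "hostname ie3k-line1\nsnmp-server community plant-ro RO\n"),
    "ie3k-line2": ("Cisco IOS Software, Version 12.2(55)SE, RELEASE SOFTWARE\n"
                   "Model number : IE-3000-4TC\n",
                   "hostname ie3k-line2\nsnmp-server community public RO\n"),
    "access-sw1": ("Cisco IOS Software, Version 12.2(52)SE, RELEASE SOFTWARE\n"
                   "Model number : WS-C2960-24TT-L\n", ""),
}


def triage(show_version, running_config=""):
    """Classify one device from saved text captures (no network access)."""
    model = MODEL_RE.search(show_version)
    release = RELEASE_RE.search(show_version)
    release = release.group(1) if release else None
    found = set(COMMUNITY_RE.findall(running_config)) & HARDCODED_COMMUNITIES
    if model is None:
        status = "out_of_scope"   # the advisory covers IE 3000 Series only
    elif release in AFFECTED_RELEASES:
        # The names are hard-coded in these releases, so a configuration
        # that does not list them does not clear the device.
        status = "affected"
    elif release == FIXED_RELEASE:
        status = "fixed_release"
    else:
        status = "not_listed"     # the advisory is silent on this release
    return {"model": model.group(1) if model else None, "release": release,
            "status": status, "well_known_communities": sorted(found)}


if __name__ == "__main__":
    for host, (version_text, config_text) in SAMPLES.items():
        print(host, triage(version_text, config_text))
```

A device on the fixed release that still lists "public" or "private" in its own configuration is reported separately through well_known_communities, since those names remain well known wherever they are configured.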
References:
This vulnerability has been assigned the CVE identifier CVE-2010-1574. Cisco has assigned Cisco Bug ID CSCtf25589 to this vulnerability.
http://www.cisco.com/warp/public/707/cisco-sa-20100707-snmp.shtml
Note to Readers
The Canadian Cyber Incident Response Centre (CCIRC) provides a focal point for Canada's cyber threat and vulnerability warning, analysis and response. CCIRC is responsible for assuring the resilience of national critical infrastructure through monitoring threats and coordinating a federal response to cyber security incidents of national interest. CCIRC operates in conjunction with the Government Operations Centre (GOC) within Public Safety Canada and is a key component of the government's all-hazards approach to emergency management and national security.
For general information, please contact Public Safety Canada's Public Affairs division at:
Telephone: 613-944-4875 or 1-800-830-3118
Fax: 613-998-9589
E-mail: communications@ps-sp.gc.ca