Vulnerability Description
Hirschmann HiLCOS Classic Platform switches Classic L2E, L2P, L3E, L3P versions prior to 09.0.06 and Classic L2B prior to 05.3.07 contain a credential exposure vulnerability where user passwords are synchronized with SNMPv1/v2 community strings and transmitted in plaintext when the feature is enabled. Attackers with local network access can sniff SNMP traffic or extract configuration data to recover plaintext credentials and gain unauthorized administrative access to the switches.
CVSS Score
HIGH
Related Weaknesses (CWE)
References
- https://assets.belden.com/m/1d8273c6205dc400/original/Security-Bulletin-Password
- https://www.kb.cert.org/vuls/id/507216
- https://www.vulncheck.com/advisories/hirschmann-hilcos-classic-platform-password
FAQ
What is CVE-2016-15058?
CVE-2016-15058 is a credential exposure vulnerability in Hirschmann HiLCOS Classic Platform switches, with a CVSS score of 8.1 (HIGH). When the affected feature is enabled, user passwords are synchronized with SNMPv1/v2 community strings and transmitted in plaintext.
How severe is CVE-2016-15058?
CVE-2016-15058 is rated HIGH, with a CVSS base score of 8.1 out of 10.
Is there a patch for CVE-2016-15058?
The affected releases are Classic L2E, L2P, L3E, L3P versions prior to 09.0.06 and Classic L2B versions prior to 05.3.07. See the vendor security bulletin and advisories in the References section above for patch and remediation guidance.