CVE-2016-2509 — MEDIUM (5.3)

Vulnerability Description

The password-sync feature on Belden Hirschmann Classic Platform switches L2B before 05.3.07 and L2E, L2P, L3E, and L3P before 09.0.06 sets an SNMP community to the same string as the administrator password, which allows remote attackers to obtain sensitive information by sniffing the network.

CVSS Score

5.3

MEDIUM

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

ADJACENT_NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Belden	Hirschmann Firmware	05.3.06
Belden	Hirschmann L2B	-
Belden	Hirschmann L2E	-
Belden	Hirschmann L2P	-
Belden	Hirschmann L3E	-
Belden	Hirschmann L3P	-

Related Weaknesses (CWE)

CWE-200

References

http://www.kb.cert.org/vuls/id/507216Third Party AdvisoryUS Government Resource
https://www.belden.com/resourcecenter/security/upload/Belden_Security_Advisory_BVendor Advisory
http://www.kb.cert.org/vuls/id/507216Third Party AdvisoryUS Government Resource
https://www.belden.com/resourcecenter/security/upload/Belden_Security_Advisory_BVendor Advisory

FAQ

What is CVE-2016-2509?

CVE-2016-2509 is a vulnerability with a CVSS score of 5.3 (MEDIUM). The password-sync feature on Belden Hirschmann Classic Platform switches L2B before 05.3.07 and L2E, L2P, L3E, and L3P before 09.0.06 sets an SNMP community to the same string as the administrator pas...

How severe is CVE-2016-2509?

CVE-2016-2509 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-2509?

Check the references section above for vendor advisories and patch information. Affected products include: Belden Hirschmann Firmware, Belden Hirschmann L2B, Belden Hirschmann L2E, Belden Hirschmann L2P, Belden Hirschmann L3E.