CIAC has revised P-119 to reflect the changes Cisco has made to its Security Advisory Document ID: 63894 in the Workaround section, the Products Confirmed Not Vulnerable list, and the Obtaining Fixed Software section.

__________________________________________________________

             The U.S. Department of Energy
         Computer Incident Advisory Capability
__________________________________________________________

                 INFORMATION BULLETIN

     Cisco IP/VC Products Hard-Coded Community Strings
       [Cisco Security Advisory Document ID: 63894]

February 2, 2005 18:00 GMT                                        Number P-119
[REVISED 25 Feb 2005]
______________________________________________________________________________
PROBLEM:       Hard-coded Simple Network Management Protocol (SNMP) community
               strings are present in Cisco IP/VC Videoconferencing System
               models 3510, 3520, 3525 and 3530. Community strings are the
               equivalent of a password.
PLATFORM:      Cisco IPVC-3510-MCU
               Cisco IPVC-3520-GW-2B
               Cisco IPVC-3520-GW-4B
               Cisco IPVC-3520-GW-2V
               Cisco IPVC-3520-GW-4V
               Cisco IPVC-3520-GW-2B2V
               Cisco IPVC-3525-GW-1P
               Cisco IPVC-3530-VTA
DAMAGE:        Any user who has access to the vulnerable devices and knows the
               community strings can obtain total control of the device.
SOLUTION:      Apply available workaround.
______________________________________________________________________________
VULNERABILITY  The risk is MEDIUM. An attacker may create new services,
ASSESSMENT:    terminate or affect existing sessions, and redirect traffic to
               a different destination. It is a best practice to block SNMP
               at the gateway.
______________________________________________________________________________
LINKS:
 CIAC BULLETIN:      http://www.ciac.org/ciac/bulletins/p-119.shtml
 ORIGINAL BULLETIN:  http://www.cisco.com/en/US/products/products_security_advisory09186a00803ca37f.shtml
______________________________________________________________________________
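
The assessment above recommends blocking SNMP at the gateway. The following is an added example, not part of the CIAC or Cisco text: it checks whether a gateway ACL actually denies SNMP (UDP 161) to every inventoried device in the PLATFORM list. The inventory tuples, addresses and ACL lines are constructed samples, and the parser is assumed to see only numbered extended IOS ACL lines with `eq` port matches.

```python
import ipaddress

# Model families from the bulletin's PLATFORM list.
AFFECTED = ("IPVC-3510", "IPVC-3520", "IPVC-3525", "IPVC-3530")
PORTS = {"snmp": 161, "snmptrap": 162}  # IOS port keywords
ANY = ipaddress.ip_network("0.0.0.0/0")

def _addr(tok, i):
    """Parse the IOS address spec starting at tok[i]; return (network, next index)."""
    if tok[i] == "any":
        return ANY, i + 1
    if tok[i] == "host":
        return ipaddress.ip_network(tok[i + 1] + "/32"), i + 2
    # "address wildcard": invert the wildcard into a netmask (contiguous masks only).
    wild = int(ipaddress.IPv4Address(tok[i + 1]))
    mask = ipaddress.IPv4Address(wild ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{tok[i]}/{mask}", strict=False), i + 2

def snmp_verdict(acl_lines, device_ip, port=161):
    """First-match result for UDP to device_ip:port; 'permit' if any source gets through."""
    target = ipaddress.ip_address(device_ip)
    for line in acl_lines:
        tok = line.split()
        if len(tok) < 6 or tok[0] != "access-list" or tok[2] not in ("permit", "deny") or tok[3] not in ("ip", "udp"):
            continue  # remarks, other protocols, unrelated config
        src, i = _addr(tok, 4)
        dst, i = _addr(tok, i)
        if target not in dst or (tok[2] == "deny" and src != ANY):
            continue  # a deny limited to some sources does not close the port
        if tok[i:i + 1] and tok[i] in ("gt", "lt", "neq", "range"):
            raise ValueError("unsupported port operator: " + line)
        if tok[i:i + 1] == ["eq"] and (PORTS.get(tok[i + 1]) or int(tok[i + 1])) != port:
            continue
        return tok[2]
    return "deny"  # implicit deny that ends every IOS ACL

def audit(inventory, acl_lines):
    """Names of affected devices that SNMP can still reach through the ACL."""
    return [name for name, model, ip in inventory
            if any(a in model.upper() for a in AFFECTED)
            and snmp_verdict(acl_lines, ip) == "permit"]

# Constructed sample data (not from the bulletin).
ACL = ["access-list 101 deny udp any 10.20.30.0 0.0.0.255 eq snmp",
       "access-list 101 permit ip any any"]
INVENTORY = [("mcu-1", "IPVC-3510-MCU", "10.20.30.5"),
             ("gw-1", "IPVC-3520-GW-2B", "10.20.40.7"),  # outside the denied range
             ("sw-1", "WS-C2950", "10.20.40.8")]         # not an affected model
```

Calling audit(INVENTORY, ACL) reports gw-1, the affected gateway that sits outside the range the deny rule covers.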