ID

VAR-201609-0388


CVE

CVE-2016-1473


TITLE

Cisco Small Business 220 Series Smart Plus Switches Unauthorized Access Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2016-07070 // CNNVD: CNNVD-201608-537

DESCRIPTION

Cisco Small Business 220 devices with firmware before 1.0.1.1 have a hardcoded SNMP community, which allows remote attackers to read or modify SNMP objects by leveraging knowledge of this community, aka Bug ID CSCuz76216. Cisco Small Business 220 Series Smart Plus Switches is a series of 220 series stackable managed switches from Cisco. An unauthorized access vulnerability exists in Cisco Small Business 220 Series Smart Plus Switches. An attacker could exploit the vulnerability to gain unauthorized access to an affected device. This may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCuz76216. The vulnerability is caused by the default SNMP community string in the program.

Trust: 2.61

sources: NVD: CVE-2016-1473 // JVNDB: JVNDB-2016-004515 // CNVD: CNVD-2016-07070 // BID: 92710 // VULHUB: VHN-90292 // VULMON: CVE-2016-1473

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-07070

AFFECTED PRODUCTS

vendor: cisco, model: small business 220 series smart plus switches, scope: eq, version: 1.0.0.17

Trust: 1.6

vendor: cisco, model: small business 220 series smart plus switches, scope: eq, version: 1.0.0.18

Trust: 1.6

vendor: cisco, model: small business 220 series smart plus switches, scope: eq, version: 1.0.0.19

Trust: 1.6

vendor: cisco, model: small business 220 series smart plus switch, scope: lt, version: 1.0.1.1

Trust: 0.8

vendor: cisco, model: small business series smart plus switches, scope: eq, version: 2201.0.0.17

Trust: 0.6

vendor: cisco, model: small business series smart plus switches, scope: eq, version: 2201.0.0.18

Trust: 0.6

vendor: cisco, model: small business series smart plus switches, scope: eq, version: 2201.0.0.19

Trust: 0.6

vendor: cisco, model: small business series smart plus switch, scope: eq, version: 2201.0.0.19

Trust: 0.3

vendor: cisco, model: small business series smart plus switch, scope: eq, version: 2201.0.0.18

Trust: 0.3

vendor: cisco, model: small business series smart plus switch, scope: eq, version: 2201.0.0.17

Trust: 0.3

vendor: cisco, model: small business series smart plus switch, scope: ne, version: 2201.0.1.1

Trust: 0.3

sources: CNVD: CNVD-2016-07070 // BID: 92710 // JVNDB: JVNDB-2016-004515 // CNNVD: CNNVD-201608-537 // NVD: CVE-2016-1473

CVSS

SEVERITY

nvd@nist.gov: CVE-2016-1473
value: CRITICAL

Trust: 1.0

NVD: CVE-2016-1473
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2016-07070
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201608-537
value: CRITICAL

Trust: 0.6

VULHUB: VHN-90292
value: HIGH

Trust: 0.1

VULMON: CVE-2016-1473
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2016-1473
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2016-07070
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-90292
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2016-1473
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2016-07070 // VULHUB: VHN-90292 // VULMON: CVE-2016-1473 // JVNDB: JVNDB-2016-004515 // CNNVD: CNNVD-201608-537 // NVD: CVE-2016-1473

PROBLEMTYPE DATA

problemtype: CWE-200

Trust: 1.9

sources: VULHUB: VHN-90292 // JVNDB: JVNDB-2016-004515 // NVD: CVE-2016-1473

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201608-537

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201608-537

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-004515

PATCH

title: cisco-sa-20160831-sps3, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-sps3

Trust: 0.8

title: Patch for the Cisco Small Business 220 Series Smart Plus Switches unauthorized access vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/81034

Trust: 0.6

title: Cisco Small Business 220 Series Smart Plus Switches Fixes for unauthorized access vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63834

Trust: 0.6

title: Cisco: Cisco Small Business 220 Series Smart Plus Switches SNMP Unauthorized Access Vulnerability, url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20160831-sps3

Trust: 0.1

sources: CNVD: CNVD-2016-07070 // VULMON: CVE-2016-1473 // JVNDB: JVNDB-2016-004515 // CNNVD: CNNVD-201608-537

EXTERNAL IDS

db: NVD, id: CVE-2016-1473

Trust: 3.5

db: BID, id: 92710

Trust: 2.7

db: SECTRACK, id: 1036711

Trust: 1.2

db: JVNDB, id: JVNDB-2016-004515

Trust: 0.8

db: CNNVD, id: CNNVD-201608-537

Trust: 0.7

db: CNVD, id: CNVD-2016-07070

Trust: 0.6

db: NSFOCUS, id: 34710

Trust: 0.6

db: VULHUB, id: VHN-90292

Trust: 0.1

db: VULMON, id: CVE-2016-1473

Trust: 0.1

sources: CNVD: CNVD-2016-07070 // VULHUB: VHN-90292 // VULMON: CVE-2016-1473 // BID: 92710 // JVNDB: JVNDB-2016-004515 // CNNVD: CNNVD-201608-537 // NVD: CVE-2016-1473

REFERENCES

url:http://www.securityfocus.com/bid/92710

Trust: 2.5

url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160831-sps3

Trust: 2.2

url:http://www.synacktiv.com/ressources/advisories_cisco_switch_sg220_default_snmp.pdf

Trust: 1.2

url:http://www.securitytracker.com/id/1036711

Trust: 1.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1473

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1473

Trust: 0.8

url:http://www.nsfocus.net/vulndb/34710

Trust: 0.6

url:http://www.cisco.com/

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/200.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2016-07070 // VULHUB: VHN-90292 // VULMON: CVE-2016-1473 // BID: 92710 // JVNDB: JVNDB-2016-004515 // CNNVD: CNNVD-201608-537 // NVD: CVE-2016-1473

CREDITS

Nicolas Collignon and Renaud Dubourguais of Synacktiv.

Trust: 0.9

sources: BID: 92710 // CNNVD: CNNVD-201608-537

SOURCES

db: CNVD, id: CNVD-2016-07070
db: VULHUB, id: VHN-90292
db: VULMON, id: CVE-2016-1473
db: BID, id: 92710
db: JVNDB, id: JVNDB-2016-004515
db: CNNVD, id: CNNVD-201608-537
db: NVD, id: CVE-2016-1473

LAST UPDATE DATE

2025-04-13T23:27:24.550000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2016-07070, date: 2016-09-02T00:00:00
db: VULHUB, id: VHN-90292, date: 2017-08-13T00:00:00
db: VULMON, id: CVE-2016-1473, date: 2017-08-13T00:00:00
db: BID, id: 92710, date: 2016-08-31T00:00:00
db: JVNDB, id: JVNDB-2016-004515, date: 2016-09-05T00:00:00
db: CNNVD, id: CNNVD-201608-537, date: 2016-10-18T00:00:00
db: NVD, id: CVE-2016-1473, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2016-07070, date: 2016-09-02T00:00:00
db: VULHUB, id: VHN-90292, date: 2016-09-02T00:00:00
db: VULMON, id: CVE-2016-1473, date: 2016-09-02T00:00:00
db: BID, id: 92710, date: 2016-08-31T00:00:00
db: JVNDB, id: JVNDB-2016-004515, date: 2016-09-05T00:00:00
db: CNNVD, id: CNNVD-201608-537, date: 2016-08-31T00:00:00
db: NVD, id: CVE-2016-1473, date: 2016-09-02T00:59:03.497