CVE-2016-2509

The password-sync feature on Belden Hirschmann Classic Platform switches L2B before 05.3.07 and L2E, L2P, L3E, and L3P before 09.0.06 sets an SNMP community to the same string as the administrator password, which allows remote attackers to obtain sensitive information by sniffing the network.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:belden:hirschmann_firmware:05.3.06:*:*:*:*:*:*:*
cpe:2.3:h:belden:hirschmann_l2b:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:belden:hirschmann_firmware:*:*:*:*:*:*:*:*
OR cpe:2.3:h:belden:hirschmann_l2e:-:*:*:*:*:*:*:*
cpe:2.3:h:belden:hirschmann_l2p:-:*:*:*:*:*:*:*
cpe:2.3:h:belden:hirschmann_l3e:-:*:*:*:*:*:*:*
cpe:2.3:h:belden:hirschmann_l3p:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2016-02-18 22:59

Updated : 2024-02-28 15:21


NVD link : CVE-2016-2509

Mitre link : CVE-2016-2509

CVE.ORG link : CVE-2016-2509


JSON object : View

Products Affected

belden

  • hirschmann_l2b
  • hirschmann_l3e
  • hirschmann_l2e
  • hirschmann_firmware
  • hirschmann_l2p
  • hirschmann_l3p
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor