CVE-2016-2509

The password-sync feature on Belden Hirschmann Classic Platform switches L2B before 05.3.07 and L2E, L2P, L3E, and L3P before 09.0.06 sets an SNMP community to the same string as the administrator password, which allows remote attackers to obtain sensitive information by sniffing the network.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:belden:hirschmann_firmware:05.3.06:*:*:*:*:*:*:*
cpe:2.3:h:belden:hirschmann_l2b:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:belden:hirschmann_firmware:*:*:*:*:*:*:*:*
OR cpe:2.3:h:belden:hirschmann_l2e:-:*:*:*:*:*:*:*
cpe:2.3:h:belden:hirschmann_l2p:-:*:*:*:*:*:*:*
cpe:2.3:h:belden:hirschmann_l3e:-:*:*:*:*:*:*:*
cpe:2.3:h:belden:hirschmann_l3p:-:*:*:*:*:*:*:*

History

21 Nov 2024, 02:48

Type Values Removed Values Added
References () http://www.kb.cert.org/vuls/id/507216 - Third Party Advisory, US Government Resource () http://www.kb.cert.org/vuls/id/507216 - Third Party Advisory, US Government Resource
References () https://www.belden.com/resourcecenter/security/upload/Belden_Security_Advisory_BSECV-2016-2_1v0.pdf - Vendor Advisory () https://www.belden.com/resourcecenter/security/upload/Belden_Security_Advisory_BSECV-2016-2_1v0.pdf - Vendor Advisory

Information

Published : 2016-02-18 22:59

Updated : 2024-11-21 02:48


NVD link : CVE-2016-2509

Mitre link : CVE-2016-2509

CVE.ORG link : CVE-2016-2509


JSON object : View

Products Affected

belden

  • hirschmann_l2b
  • hirschmann_firmware
  • hirschmann_l2p
  • hirschmann_l3p
  • hirschmann_l2e
  • hirschmann_l3e
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor