CVE-2016-1452

moderate-risk
Published 2016-07-15

Cisco ASR 5000 devices with software 18.3 through 20.0.0 allow remote attackers to make configuration changes over SNMP by leveraging knowledge of the read-write community, aka Bug ID CSCuz29526.

Do I need to act?

-
0.27% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.5/10 Medium
NETWORK / LOW complexity

Affected Products (12)

Asr 5000 Software
Asr 5000 Software
Asr 5000 Software
Asr 5000 Software
Asr 5000 Software
Asr 5000 Software
Asr 5000
Asr 5000 Software
Asr 5000 Software
Asr 5000 Software
Asr 5000 Software
Asr 5000 Software

Affected Vendors

Cisco

References (6)

Vendor Advisory http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20...
http://www.securityfocus.com/bid/91756
http://www.securitytracker.com/id/1036298
Vendor Advisory http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20...
http://www.securityfocus.com/bid/91756
http://www.securitytracker.com/id/1036298
42
/ 100
moderate-risk
Severity 24/34 · High
Exploitability 1/34 · Minimal
Exposure 17/34 · Moderate