CVE-2016-2509

low-risk
Published 2016-02-18

The password-sync feature on Belden Hirschmann Classic Platform switches L2B before 05.3.07 and L2E, L2P, L3E, and L3P before 09.0.06 sets an SNMP community to the same string as the administrator password, which allows remote attackers to obtain sensitive information by sniffing the network.

Do I need to act?

-
0.03% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.3/10 Medium
ADJACENT_NETWORK / HIGH complexity

Affected Products (3)

Hirschmann L2B
Hirschmann Firmware
Hirschmann Firmware

Affected Vendors

Belden

References (4)

Third Party Advisory http://www.kb.cert.org/vuls/id/507216
Vendor Advisory https://www.belden.com/resourcecenter/security/upload/Belden_Security_Advisory_B...
Third Party Advisory http://www.kb.cert.org/vuls/id/507216
Vendor Advisory https://www.belden.com/resourcecenter/security/upload/Belden_Security_Advisory_B...
23
/ 100
low-risk
Severity 14/34 · Moderate
Exploitability 0/34 · Minimal
Exposure 9/34 · Low