CVE-2018-0329

Description

A vulnerability in the default configuration of the Simple Network Management Protocol (SNMP) feature of Cisco Wide Area Application Services (WAAS) Software could allow an unauthenticated, remote attacker to read data from an affected device via SNMP. The vulnerability is due to a hard-coded, read-only community string in the configuration file for the SNMP daemon. An attacker could exploit this vulnerability by using the static community string in SNMP version 2c queries to an affected device. A successful exploit could allow the attacker to read any data that is accessible via SNMP on the affected device. Note: The static credentials are defined in an internal configuration file and are not visible in the current operation configuration (running-config) or the startup configuration (startup-config). Cisco Bug IDs: CSCvi40137.

Risk Information

Base Score

5.3

MODERATE

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS Score

Exploitation Probability

0.316

Associated Vulnerability

Vulnerability	OS Platform
Cisco Wide Area Application Services Software Static SNMP Credentials Vulnerability For Cisco Wide Area Application Services (WAAS) Appliances	NCM
Use of Hard-coded Credentials Vulnerability (CVE-2018-0329)	NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-1706001	Security Update for Cisco Wide Area Application Services (WAAS) Appliances 6.3(0.185)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234