CVE-2016-2509

Severity Score

5.3

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The password-sync feature on Belden Hirschmann Classic Platform switches L2B before 05.3.07 and L2E, L2P, L3E, and L3P before 09.0.06 sets an SNMP community to the same string as the administrator password, which allows remote attackers to obtain sensitive information by sniffing the network.

La funcionalidad password-sync en switches Belden Hirschmann Classic Platform L2B en versiones anteriores a 05.3.07 y L2E, L2P, L3E y L3P en versiones anteriores a 09.0.06 establece una comunidad SNMP a la misma cadena que la contraseña de administrador, lo que permite a atacantes remotos obtener información sensible husmeando la red.

*Credits: N/A

Attack Vector

Adjacent

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Attack Vector

Adjacent

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2016-02-18 CVE Reserved
2016-02-18 CVE Published
2023-03-07 EPSS Updated
2024-08-05 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CAPEC

References (2)

URL	Tag	Source
http://www.kb.cert.org/vuls/id/507216	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://www.belden.com/resourcecenter/security/upload/Belden_Security_Advisory_BSECV-2016-2_1v0.pdf	2016-03-23

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Belden Search vendor "Belden"	Hirschmann Firmware Search vendor "Belden" for product "Hirschmann Firmware"	05.3.06 Search vendor "Belden" for product "Hirschmann Firmware" and version "05.3.06"	-	Affected	in	Belden Search vendor "Belden"	Hirschmann L2b Search vendor "Belden" for product "Hirschmann L2b"	-	-	Affected
Belden Search vendor "Belden"	Hirschmann Firmware Search vendor "Belden" for product "Hirschmann Firmware"	<= 09.0.05 Search vendor "Belden" for product "Hirschmann Firmware" and version " <= 09.0.05"	-	Affected	in	Belden Search vendor "Belden"	Hirschmann L2e Search vendor "Belden" for product "Hirschmann L2e"	-	-	Safe
Belden Search vendor "Belden"	Hirschmann Firmware Search vendor "Belden" for product "Hirschmann Firmware"	<= 09.0.05 Search vendor "Belden" for product "Hirschmann Firmware" and version " <= 09.0.05"	-	Affected	in	Belden Search vendor "Belden"	Hirschmann L2p Search vendor "Belden" for product "Hirschmann L2p"	-	-	Safe
Belden Search vendor "Belden"	Hirschmann Firmware Search vendor "Belden" for product "Hirschmann Firmware"	<= 09.0.05 Search vendor "Belden" for product "Hirschmann Firmware" and version " <= 09.0.05"	-	Affected	in	Belden Search vendor "Belden"	Hirschmann L3e Search vendor "Belden" for product "Hirschmann L3e"	-	-	Safe
Belden Search vendor "Belden"	Hirschmann Firmware Search vendor "Belden" for product "Hirschmann Firmware"	<= 09.0.05 Search vendor "Belden" for product "Hirschmann Firmware" and version " <= 09.0.05"	-	Affected	in	Belden Search vendor "Belden"	Hirschmann L3p Search vendor "Belden" for product "Hirschmann L3p"	-	-	Safe