CVE-2016-1473

Published: Sep 2, 2016Modified: May 6, 2026

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Cisco Small Business 220 devices with firmware before 1.0.1.1 have a hardcoded SNMP community, which allows remote attackers to read or modify SNMP objects by leveraging knowledge of this community, aka Bug ID CSCuz76216.

Affected (3)

Products: Cisco: Small Business 220 Series Smart Plus Switches

1 product

Small Business 220 Series Smart Plus Switches

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Cisco Small Business 220 Series Smart Plus Switches	Version 1.0.0.17
Cisco Small Business 220 Series Smart Plus Switches	Version 1.0.0.18
Cisco Small Business 220 Series Smart Plus Switches	Version 1.0.0.19

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (8)

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-sps3

Source: psirt@cisco.com

Vendor Advisory

http://www.securityfocus.com/bid/92710

Source: psirt@cisco.com

http://www.securitytracker.com/id/1036711

Source: psirt@cisco.com

http://www.synacktiv.com/ressources/advisories_cisco_switch_sg220_default_snmp.pdf

Source: psirt@cisco.com

Third Party Advisory

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-sps3

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/92710

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1036711

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.synacktiv.com/ressources/advisories_cisco_switch_sg220_default_snmp.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.