CVE Vulnerabilities

CVE-2008-0960

Improper Authentication

Published: Jun 10, 2008 | Modified: Oct 30, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
10 HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) Juniper Session and Resource Control (SRC) C-series 1.0.0 through 2.0.0; (5) NetApp (aka Network Appliance) Data ONTAP 7.3RC1 and 7.3RC2; (6) SNMP Research before 16.2; (7) multiple Cisco IOS, CatOS, ACE, and Nexus products; (8) Ingate Firewall 3.1.0 and later and SIParator 3.1.0 and later; (9) HP OpenView SNMP Emanate Master Agent 15.x; and possibly other products relies on the client to specify the HMAC length, which makes it easier for remote attackers to bypass SNMP authentication via a length value of 1, which only checks the first byte.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name Vendor Start Version End Version
Catos Cisco 7.1.1 7.1.1
Catos Cisco 7.3.1 7.3.1
Catos Cisco 7.4.1 7.4.1
Catos Cisco 8.3 8.3
Cisco_ios Cisco 12.0 12.0
Cisco_ios Cisco 12.0 12.0
Cisco_ios Cisco 12.1 12.1
Cisco_ios Cisco 12.2 12.2
Cisco_ios Cisco 12.2 12.2
Cisco_ios Cisco 12.2 12.2
Cisco_ios Cisco 12.2 12.2
Cisco_ios Cisco 12.2 12.2
Cisco_ios Cisco 12.2 12.2
Cisco_ios Cisco 12.2 12.2
Cisco_ios Cisco 12.2 12.2
Cisco_ios Cisco 12.2 12.2
Cisco_ios Cisco 12.2 12.2
Cisco_ios Cisco 12.2 12.2
Cisco_ios Cisco 12.2 12.2
Cisco_ios Cisco 12.2 12.2
Cisco_ios Cisco 12.3 12.3
Cisco_ios Cisco 12.3 12.3
Cisco_ios Cisco 12.3 12.3
Cisco_ios Cisco 12.3 12.3
Cisco_ios Cisco 12.3 12.3
Cisco_ios Cisco 12.3 12.3
Cisco_ios Cisco 12.3 12.3
Cisco_ios Cisco 12.3 12.3
Cisco_ios Cisco 12.3 12.3
Cisco_ios Cisco 12.3 12.3
Cisco_ios Cisco 12.3 12.3
Cisco_ios Cisco 12.3 12.3
Cisco_ios Cisco 12.3 12.3
Cisco_ios Cisco 12.3 12.3
Cisco_ios Cisco 12.3 12.3
Cisco_ios Cisco 12.3 12.3
Cisco_ios Cisco 12.3 12.3
Cisco_ios Cisco 12.4 12.4
Cisco_ios Cisco 12.4 12.4
Cisco_ios Cisco 12.4 12.4
Cisco_ios Cisco 12.4 12.4
Cisco_ios Cisco 12.4 12.4
Cisco_ios Cisco 12.4 12.4
Cisco_ios Cisco 12.4 12.4
Cisco_ios Cisco 12.4 12.4
Ios Cisco 10.0 10.0
Ios Cisco 11.0 11.0
Ios Cisco 11.1 11.1
Ios Cisco 11.3 11.3
Ios Cisco 12.2 12.2
Ios_xr Cisco 2.0 2.0
Ios_xr Cisco 3.0 3.0
Ios_xr Cisco 3.2 3.2
Ios_xr Cisco 3.3 3.3
Ios_xr Cisco 3.4 3.4
Ios_xr Cisco 3.5 3.5
Ios_xr Cisco 3.6 3.6
Ios_xr Cisco 3.7 3.7
Nx_os Cisco 4.0 4.0
Nx_os Cisco 4.0.1 4.0.1
Nx_os Cisco 4.0.2 4.0.2
Ecos Ecos_sourceware 1.1 1.1
Ecos Ecos_sourceware 1.2.1 1.2.1
Ecos Ecos_sourceware 1.3.1 1.3.1
Ecos Ecos_sourceware 2.0 2.0
Ecos Ecos_sourceware 2.0 2.0
Net_snmp Net-snmp 5.0 5.0
Net_snmp Net-snmp 5.0.1 5.0.1
Net_snmp Net-snmp 5.0.2 5.0.2
Net_snmp Net-snmp 5.0.3 5.0.3
Net_snmp Net-snmp 5.0.4 5.0.4
Net_snmp Net-snmp 5.0.5 5.0.5
Net_snmp Net-snmp 5.0.6 5.0.6
Net_snmp Net-snmp 5.0.7 5.0.7
Net_snmp Net-snmp 5.0.8 5.0.8
Net_snmp Net-snmp 5.0.9 5.0.9
Net_snmp Net-snmp 5.1 5.1
Net_snmp Net-snmp 5.1.1 5.1.1
Net_snmp Net-snmp 5.1.2 5.1.2
Net_snmp Net-snmp 5.2 5.2
Net_snmp Net-snmp 5.3 5.3
Net_snmp Net-snmp 5.3.0.1 5.3.0.1
Net_snmp Net-snmp 5.4 5.4
Solaris Sun 10.0 10.0
Sunos Sun 5.10 5.10

Potential Mitigations

References