Nokia Serving GPRS Support Node (SGSN) Platform Discloses SNMP Data to Remote Users
|
|
SecurityTracker Alert ID: 1006281 |
|
SecurityTracker URL: http://securitytracker.com/id/1006281
|
|
CVE Reference:
CAN-2003-0137
(Links to External Site)
|
Date: Mar 13 2003
|
Impact:
Disclosure of system information
|
Vendor Confirmed: Yes Exploit Included: Yes
|
Version(s): DX200
|
Description:
An information disclosure vulnerability was reported in the Nokia Serving GPRS Support Node (SGSN) platform. A remote user can read SNMP options from the device.
@stake reported that a remote user can supply an arbitrary community string to the device's Simple Network Management Protocol (SNMP) to read SNMP options from the device.
A demonstration exploit command (using the 3rd party 'snmpwalk' utility) is provided:
snmpwalk <IP of SGSN> tellmeyoursecrets
[Editor's note: Unfortunately, @stake does not permit their advisories to be redistributed and they have denied our request for permission to redistribute. You may view the original advisory at http://www.atstake.com/research/advisories/2003/a031303-2.txt]
|
Impact:
A remote user can read various SNMP data from the device.
|
Solution:
According to the report, the vendor has removed support for the SNMP interface from subsequent Nokia SGSN releases.
|
Vendor URL: www.nokia.com/networks/product_catalog/pc_product_highlights/1,5567,,00.html?prod_id=NWS00031 (Links to External Site)
|
Cause:
Authentication error
|
Underlying OS:
|
|
Message History:
None.
|
Source Message Contents
|
|
|
[Original Message Not Available for Viewing]
|
|
