CVE-2008-0960

CVSS V2 High 10 CVSS V3 None

Description

SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) Juniper Session and Resource Control (SRC) C-series 1.0.0 through 2.0.0; (5) NetApp (aka Network Appliance) Data ONTAP 7.3RC1 and 7.3RC2; (6) SNMP Research before 16.2; (7) multiple Cisco IOS, CatOS, ACE, and Nexus products; (8) Ingate Firewall 3.1.0 and later and SIParator 3.1.0 and later; (9) HP OpenView SNMP Emanate Master Agent 15.x; and possibly other products relies on the client to specify the HMAC length, which makes it easier for remote attackers to bypass SNMP authentication via a length value of 1, which only checks the first byte.

Overview

CVE ID
CVE-2008-0960

Assigner
cret@cert.org

Vulnerability Status
Modified

Published Version
2008-06-10T18:32:00

Last Modified Date
2018-10-30T16:25:36

Weakness Enumerations

CWE	URL
CWE-287	http://cwe.mitre.org/data/definitions/287.html

CPE Configuration (Product)

CPE	Vulnerable	Operator
		AND
cpe:2.3:o:cisco:catos:7.1.1:::::::*	0	OR
cpe:2.3:o:cisco:catos:7.3.1:::::::*	0	OR
cpe:2.3:o:cisco:catos:7.4.1:::::::*	0	OR
cpe:2.3:o:cisco:catos:8.3:::::::*	0	OR
cpe:2.3:o:cisco:cisco_ios:12.0:s::::::	0	OR
cpe:2.3:o:cisco:cisco_ios:12.0:sy::::::	0	OR
cpe:2.3:o:cisco:cisco_ios:12.1:e::::::	0	OR
cpe:2.3:o:cisco:cisco_ios:12.2:ewa::::::	0	OR
cpe:2.3:o:cisco:cisco_ios:12.2:jk::::::	0	OR
cpe:2.3:o:cisco:cisco_ios:12.2:sb::::::	0	OR
cpe:2.3:o:cisco:cisco_ios:12.2:sg::::::	0	OR
cpe:2.3:o:cisco:cisco_ios:12.2:sga::::::	0	OR
cpe:2.3:o:cisco:cisco_ios:12.2:sra::::::	0	OR
cpe:2.3:o:cisco:cisco_ios:12.2:srb::::::	0	OR
cpe:2.3:o:cisco:cisco_ios:12.2:src::::::	0	OR
cpe:2.3:o:cisco:cisco_ios:12.2:sxb::::::	0	OR
cpe:2.3:o:cisco:cisco_ios:12.2:sxd::::::	0	OR
cpe:2.3:o:cisco:cisco_ios:12.2:sxf::::::	0	OR
cpe:2.3:o:cisco:cisco_ios:12.2:zl::::::	0	OR
cpe:2.3:o:cisco:cisco_ios:12.2:zy::::::	0	OR
cpe:2.3:o:cisco:cisco_ios:12.3:::::::*	0	OR
cpe:2.3:o:cisco:cisco_ios:12.3:b::::::	0	OR
cpe:2.3:o:cisco:cisco_ios:12.3:ja::::::	0	OR
cpe:2.3:o:cisco:cisco_ios:12.3:jeb::::::	0	OR
cpe:2.3:o:cisco:cisco_ios:12.3:jk::::::	0	OR
cpe:2.3:o:cisco:cisco_ios:12.3:jl::::::	0	OR
cpe:2.3:o:cisco:cisco_ios:12.3:jx::::::	0	OR
cpe:2.3:o:cisco:cisco_ios:12.3:t::::::	0	OR
cpe:2.3:o:cisco:cisco_ios:12.3:xa::::::	0	OR
cpe:2.3:o:cisco:cisco_ios:12.3:xg::::::	0	OR
cpe:2.3:o:cisco:cisco_ios:12.3:xi::::::	0	OR
cpe:2.3:o:cisco:cisco_ios:12.3:xk::::::	0	OR
cpe:2.3:o:cisco:cisco_ios:12.3:xr::::::	0	OR
cpe:2.3:o:cisco:cisco_ios:12.3:yf::::::	0	OR
cpe:2.3:o:cisco:cisco_ios:12.3:yi::::::	0	OR
cpe:2.3:o:cisco:cisco_ios:12.3:yt::::::	0	OR
cpe:2.3:o:cisco:cisco_ios:12.3:yx::::::	0	OR
cpe:2.3:o:cisco:cisco_ios:12.4:::::::*	0	OR
cpe:2.3:o:cisco:cisco_ios:12.4:t::::::	0	OR
cpe:2.3:o:cisco:cisco_ios:12.4:xa::::::	0	OR
cpe:2.3:o:cisco:cisco_ios:12.4:xc::::::	0	OR
cpe:2.3:o:cisco:cisco_ios:12.4:xd::::::	0	OR
cpe:2.3:o:cisco:cisco_ios:12.4:xe::::::	0	OR
cpe:2.3:o:cisco:cisco_ios:12.4:xj::::::	0	OR
cpe:2.3:o:cisco:cisco_ios:12.4:xw::::::	0	OR
cpe:2.3:o:cisco:ios:10.0:::::::*	0	OR
cpe:2.3:o:cisco:ios:11.0:::::::*	0	OR
cpe:2.3:o:cisco:ios:11.1:::::::*	0	OR
cpe:2.3:o:cisco:ios:11.3:::::::*	0	OR
cpe:2.3:o:cisco:ios:12.2:::::::*	0	OR
cpe:2.3:o:cisco:ios_xr:2.0:::::::*	0	OR
cpe:2.3:o:cisco:ios_xr:3.0:::::::*	0	OR
cpe:2.3:o:cisco:ios_xr:3.2:::::::*	0	OR
cpe:2.3:o:cisco:ios_xr:3.3:::::::*	0	OR
cpe:2.3:o:cisco:ios_xr:3.4:::::::*	0	OR
cpe:2.3:o:cisco:ios_xr:3.5:::::::*	0	OR
cpe:2.3:o:cisco:ios_xr:3.6:::::::*	0	OR
cpe:2.3:o:cisco:ios_xr:3.7:::::::*	0	OR
cpe:2.3:o:cisco:nx_os:4.0:::::::*	0	OR
cpe:2.3:o:cisco:nx_os:4.0.1:a::::::	0	OR
cpe:2.3:o:cisco:nx_os:4.0.2:::::::*	0	OR
cpe:2.3:o:ecos_sourceware:ecos:1.1:::::::*	0	OR
cpe:2.3:o:ecos_sourceware:ecos:1.2.1:::::::*	0	OR
cpe:2.3:o:ecos_sourceware:ecos:1.3.1:::::::*	0	OR
cpe:2.3:o:ecos_sourceware:ecos:2.0:::::::*	0	OR
cpe:2.3:o:ecos_sourceware:ecos:2.0:b1::::::	0	OR
cpe:2.3:o:net-snmp:net_snmp:5.0:::::::*	0	OR
cpe:2.3:o:net-snmp:net_snmp:5.0.1:::::::*	0	OR
cpe:2.3:o:net-snmp:net_snmp:5.0.2:::::::*	0	OR
cpe:2.3:o:net-snmp:net_snmp:5.0.3:::::::*	0	OR
cpe:2.3:o:net-snmp:net_snmp:5.0.4:::::::*	0	OR
cpe:2.3:o:net-snmp:net_snmp:5.0.5:::::::*	0	OR
cpe:2.3:o:net-snmp:net_snmp:5.0.6:::::::*	0	OR
cpe:2.3:o:net-snmp:net_snmp:5.0.7:::::::*	0	OR
cpe:2.3:o:net-snmp:net_snmp:5.0.8:::::::*	0	OR
cpe:2.3:o:net-snmp:net_snmp:5.0.9:::::::*	0	OR
cpe:2.3:o:net-snmp:net_snmp:5.1:::::::*	0	OR
cpe:2.3:o:net-snmp:net_snmp:5.1.1:::::::*	0	OR
cpe:2.3:o:net-snmp:net_snmp:5.1.2:::::::*	0	OR
cpe:2.3:o:net-snmp:net_snmp:5.2:::::::*	0	OR
cpe:2.3:o:net-snmp:net_snmp:5.3:::::::*	0	OR
cpe:2.3:o:net-snmp:net_snmp:5.3.0.1:::::::*	0	OR
cpe:2.3:o:net-snmp:net_snmp:5.4:::::::*	0	OR
cpe:2.3:o:sun:solaris:10.0:unkown:x86:::::*	0	OR
cpe:2.3:o:sun:sunos:5.10:::::::*	0	OR
cpe:2.3:h:cisco:ace_10_6504_bundle_with_4_gbps_throughput::::::::	0	OR
cpe:2.3:h:cisco:ace_10_6509_bundle_with_8_gbps_throughput::::::::	0	OR
cpe:2.3:h:cisco:ace_10_service_module::::::::	0	OR
cpe:2.3:h:cisco:ace_20_6504_bundle_with__4gbps_throughput::::::::	0	OR
cpe:2.3:h:cisco:ace_20_6509_bundle_with_8gbps_throughput::::::::	0	OR
cpe:2.3:h:cisco:ace_20_service_module::::::::	0	OR
cpe:2.3:h:cisco:ace_4710::::::::	0	OR
cpe:2.3:h:cisco:ace_xml_gateway:5.2:::::::*	0	OR
cpe:2.3:h:cisco:ace_xml_gateway:6.0:::::::*	0	OR
cpe:2.3:h:cisco:mds_9120::::::::	0	OR
cpe:2.3:h:cisco:mds_9124::::::::	0	OR
cpe:2.3:h:cisco:mds_9134::::::::	0	OR
cpe:2.3:h:cisco:mds_9140::::::::	0	OR
cpe:2.3:h:ingate:ingate_firewall:2.2.0:::::::*	0	OR
cpe:2.3:h:ingate:ingate_firewall:2.2.1:::::::*	0	OR
cpe:2.3:h:ingate:ingate_firewall:2.2.2:::::::*	0	OR
cpe:2.3:h:ingate:ingate_firewall:2.3.0:::::::*	0	OR
cpe:2.3:h:ingate:ingate_firewall:2.4.0:::::::*	0	OR
cpe:2.3:h:ingate:ingate_firewall:2.4.1:::::::*	0	OR
cpe:2.3:h:ingate:ingate_firewall:2.5.0:::::::*	0	OR
cpe:2.3:h:ingate:ingate_firewall:2.6.0:::::::*	0	OR
cpe:2.3:h:ingate:ingate_firewall:2.6.1:::::::*	0	OR
cpe:2.3:h:ingate:ingate_firewall:3.0.2:::::::*	0	OR
cpe:2.3:h:ingate:ingate_firewall:3.1.0:::::::*	0	OR
cpe:2.3:h:ingate:ingate_firewall:3.1.1:::::::*	0	OR
cpe:2.3:h:ingate:ingate_firewall:3.1.3:::::::*	0	OR
cpe:2.3:h:ingate:ingate_firewall:3.1.4:::::::*	0	OR
cpe:2.3:h:ingate:ingate_firewall:3.2.0:::::::*	0	OR
cpe:2.3:h:ingate:ingate_firewall:3.2.1:::::::*	0	OR
cpe:2.3:h:ingate:ingate_firewall:3.2.2:::::::*	0	OR
cpe:2.3:h:ingate:ingate_firewall:3.3.1:::::::*	0	OR
cpe:2.3:h:ingate:ingate_firewall:4.1.0:::::::*	0	OR
cpe:2.3:h:ingate:ingate_firewall:4.1.3:::::::*	0	OR
cpe:2.3:h:ingate:ingate_firewall:4.2.1:::::::*	0	OR
cpe:2.3:h:ingate:ingate_firewall:4.2.2:::::::*	0	OR
cpe:2.3:h:ingate:ingate_firewall:4.2.3:::::::*	0	OR
cpe:2.3:h:ingate:ingate_firewall:4.3.1:::::::*	0	OR
cpe:2.3:h:ingate:ingate_firewall:4.4.1:::::::*	0	OR
cpe:2.3:h:ingate:ingate_firewall:4.4.2:::::::*	0	OR
cpe:2.3:h:ingate:ingate_firewall:4.5.1:::::::*	0	OR
cpe:2.3:h:ingate:ingate_firewall:4.5.2:::::::*	0	OR
cpe:2.3:h:ingate:ingate_firewall:4.6.0:::::::*	0	OR
cpe:2.3:h:ingate:ingate_firewall:4.6.1:::::::*	0	OR
cpe:2.3:h:ingate:ingate_firewall:4.6.2:::::::*	0	OR
cpe:2.3:h:ingate:ingate_siparator:2.2.0:::::::*	0	OR
cpe:2.3:h:ingate:ingate_siparator:2.2.1:::::::*	0	OR
cpe:2.3:h:ingate:ingate_siparator:2.2.2:::::::*	0	OR
cpe:2.3:h:ingate:ingate_siparator:2.3.0:::::::*	0	OR
cpe:2.3:h:ingate:ingate_siparator:2.4.0:::::::*	0	OR
cpe:2.3:h:ingate:ingate_siparator:2.4.1:::::::*	0	OR
cpe:2.3:h:ingate:ingate_siparator:2.5.0:::::::*	0	OR
cpe:2.3:h:ingate:ingate_siparator:2.6.0:::::::*	0	OR
cpe:2.3:h:ingate:ingate_siparator:2.6.1:::::::*	0	OR
cpe:2.3:h:ingate:ingate_siparator:3.0.2:::::::*	0	OR
cpe:2.3:h:ingate:ingate_siparator:3.1.0:::::::*	0	OR
cpe:2.3:h:ingate:ingate_siparator:3.1.1:::::::*	0	OR
cpe:2.3:h:ingate:ingate_siparator:3.1.3:::::::*	0	OR
cpe:2.3:h:ingate:ingate_siparator:3.1.4:::::::*	0	OR
cpe:2.3:h:ingate:ingate_siparator:3.2.0:::::::*	0	OR
cpe:2.3:h:ingate:ingate_siparator:3.2.1:::::::*	0	OR
cpe:2.3:h:ingate:ingate_siparator:3.2.2:::::::*	0	OR
cpe:2.3:h:ingate:ingate_siparator:3.3.1:::::::*	0	OR
cpe:2.3:h:ingate:ingate_siparator:4.1.0:::::::*	0	OR
cpe:2.3:h:ingate:ingate_siparator:4.1.3:::::::*	0	OR
cpe:2.3:h:ingate:ingate_siparator:4.2.1:::::::*	0	OR
cpe:2.3:h:ingate:ingate_siparator:4.2.2:::::::*	0	OR
cpe:2.3:h:ingate:ingate_siparator:4.2.3:::::::*	0	OR
cpe:2.3:h:ingate:ingate_siparator:4.3.1:::::::*	0	OR
cpe:2.3:h:ingate:ingate_siparator:4.3.4:::::::*	0	OR
cpe:2.3:h:ingate:ingate_siparator:4.4.1:::::::*	0	OR
cpe:2.3:h:ingate:ingate_siparator:4.4.2:::::::*	0	OR
cpe:2.3:h:ingate:ingate_siparator:4.5.1:::::::*	0	OR
cpe:2.3:h:ingate:ingate_siparator:4.5.2:::::::*	0	OR
cpe:2.3:h:ingate:ingate_siparator:4.6.0:::::::*	0	OR
cpe:2.3:h:ingate:ingate_siparator:4.6.1:::::::*	0	OR
cpe:2.3:h:ingate:ingate_siparator:4.6.2:::::::*	0	OR
cpe:2.3:a:juniper:session_and_resource_control:1.0:::::::*	1	OR
cpe:2.3:a:juniper:session_and_resource_control:2.0:::::::*	1	OR
cpe:2.3:a:juniper:src_pe:1.0:::::::*	1	OR
cpe:2.3:a:juniper:src_pe:2.0:::::::*	1	OR

CVSS Version 2

Version
2.0

Vector String
AV:N/AC:L/Au:N/C:C/I:C/A:C

Access Vector
NETWORK

Access Compatibility
LOW

Authentication
NONE

Confidentiality Impact
COMPLETE

Integrity Impact
COMPLETE

Availability Impact
COMPLETE

Base Score
10

Severity
HIGH

Exploitability Score
10

Impact Score
10

References

Reference URL	Reference Tags
http://www.openwall.com/lists/oss-security/2008/06/09/1
http://www.ocert.org/advisories/ocert-2008-006.html
http://sourceforge.net/forum/forum.php?forum_id=833770
http://sourceforge.net/tracker/index.php?func=detail&aid=1989089&group_id=12694&atid=456380
http://www.kb.cert.org/vuls/id/CTAR-7FBS8Q	US Government Resource
http://www.kb.cert.org/vuls/id/MIMG-7ETS5Z	US Government Resource
http://www.kb.cert.org/vuls/id/MIMG-7ETS87	US Government Resource
https://bugzilla.redhat.com/show_bug.cgi?id=447974
http://rhn.redhat.com/errata/RHSA-2008-0528.html
http://www.kb.cert.org/vuls/id/878044	US Government Resource
http://www.securityfocus.com/bid/29623	Exploit Patch
http://secunia.com/advisories/30574	Vendor Advisory
http://secunia.com/advisories/30596	Vendor Advisory
http://www.us-cert.gov/cas/techalerts/TA08-162A.html	US Government Resource
http://secunia.com/advisories/31334	Vendor Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-238865-1
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00459.html
http://secunia.com/advisories/30647	Vendor Advisory
http://support.apple.com/kb/HT2163
http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
http://secunia.com/advisories/30648	Vendor Advisory
http://secunia.com/advisories/31467	Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:118
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00363.html
http://www.vmware.com/security/advisories/VMSA-2008-0013.html
http://secunia.com/advisories/30802	Vendor Advisory
http://secunia.com/advisories/30665	Vendor Advisory
http://secunia.com/advisories/31351	Vendor Advisory
http://lists.ingate.com/pipermail/productinfo/2008/000021.html
http://www.cisco.com/warp/public/707/cisco-sa-20080610-snmpv3.shtml	Vendor Advisory
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00380.html
http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00000.html
http://secunia.com/advisories/30626	Vendor Advisory
http://security.gentoo.org/glsa/glsa-200808-02.xml
http://secunia.com/advisories/31568	Vendor Advisory
http://support.avaya.com/elmodocs2/security/ASA-2008-282.htm
http://www.vmware.com/security/advisories/VMSA-2008-0017.html
http://www.debian.org/security/2008/dsa-1663	Patch
http://www.redhat.com/support/errata/RHSA-2008-0529.html
http://secunia.com/advisories/30615	Vendor Advisory
http://www.securitytracker.com/id?1020218
http://secunia.com/advisories/30612
http://secunia.com/advisories/32664	Vendor Advisory
http://securityreason.com/securityalert/3933
http://secunia.com/advisories/33003	Vendor Advisory
http://www.ubuntu.com/usn/usn-685-1
http://www.vupen.com/english/advisories/2009/1612
http://secunia.com/advisories/35463
http://marc.info/?l=bugtraq&m=127730470825399&w=2
http://www.vupen.com/english/advisories/2008/2361
http://www.vupen.com/english/advisories/2008/2971
http://www.vupen.com/english/advisories/2008/1836/references
http://www.vupen.com/english/advisories/2008/1800/references
http://www.vupen.com/english/advisories/2008/1981/references
http://www.vupen.com/english/advisories/2008/1797/references
http://www.vupen.com/english/advisories/2008/1801/references
http://www.vupen.com/english/advisories/2008/1788/references
http://www.vupen.com/english/advisories/2008/1787/references
https://www.exploit-db.com/exploits/5790
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6414
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5785
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10820
http://www.securityfocus.com/archive/1/497962/100/0/threaded
http://www.securityfocus.com/archive/1/493218/100/0/threaded

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2008-0960
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0960

History

Created	Old Value	New Value	Data Type	Notes
2022-05-10 18:01:10				Added to TrackCVE