CVE-2000-0955

Cisco Virtual Central Office 4000 < 5.1.3 - Weak Encryption in SNMP MIB

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2000-0955. PoCs published by @stake.

AI-analyzed exploit summary This Perl script decrypts Cisco VCO/4K SNMP passwords by reversing a simple substitution cipher (XOR-like operation with 164). It requires prior retrieval of the obfuscated password (e.g., via read-only SNMP community string).

Description

Cisco Virtual Central Office 4000 (VCO/4K) uses weak encryption to store usernames and passwords in the SNMP MIB, which allows an attacker who knows the community name to crack the password and gain privileges.

Exploits (1)

exploitdb WORKING POC VERIFIED

by @stake · perlremotehardware

https://www.exploit-db.com/exploits/20372

View Code ZIP pw:eip

This Perl script decrypts Cisco VCO/4K SNMP passwords by reversing a simple substitution cipher (XOR-like operation with 164). It requires prior retrieval of the obfuscated password (e.g., via read-only SNMP community string).

Classification

Working Poc 100%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Cisco Virtual Central Office 4000 (VCO/4K) <= 5.13

No auth needed

Prerequisites: Access to SNMP read-only community string to retrieve obfuscated passwords

MITRE ATT&CK

T1552.001 - Credentials In Files

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Patch, Vendor Advisory vendor-advisory x_refsource_atstake

http://www.atstake.com/research/advisories/2000/a102600-1.txt

Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/1885

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/5425

Scores

EPSS 0.0184

EPSS Percentile 76.2%

Details

Status published

Products (1)

cisco/virtual_central_office_4000 < 5.1.3

Published Dec 19, 2000

Tracked Since Feb 18, 2026