CVE-2016-2509
MEDIUMBelden Hirschmann Firmware < 09.0.05 - Information Disclosure
Title source: ruleDescription
The password-sync feature on Belden Hirschmann Classic Platform switches L2B before 05.3.07 and L2E, L2P, L3E, and L3P before 09.0.06 sets an SNMP community to the same string as the administrator password, which allows remote attackers to obtain sensitive information by sniffing the network.
References (2)
Core 2
Core References
Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/507216
Vendor Advisory x_refsource_confirm
https://www.belden.com/resourcecenter/security/upload/Belden_Security_Advisory_BSECV-2016-2_1v0.pdf
Scores
CVSS v3
5.3
EPSS
0.0080
EPSS Percentile
52.0%
Attack Vector
ADJACENT_NETWORK
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (3)
belden/hirschmann_firmware
05.3.06
belden/hirschmann_firmware
< 09.0.05
belden/hirschmann_l2b
Published
Feb 18, 2016
Tracked Since
Feb 18, 2026