CVE-2016-2509

MEDIUM

Belden Hirschmann Firmware < 09.0.05 - Information Disclosure

Title source: rule

Description

The password-sync feature on Belden Hirschmann Classic Platform switches L2B before 05.3.07 and L2E, L2P, L3E, and L3P before 09.0.06 sets an SNMP community to the same string as the administrator password, which allows remote attackers to obtain sensitive information by sniffing the network.

References (2)

[Third Party Advisory, US Government Resource] http://www.kb.cert.org/vuls/id/507216

[Vendor Advisory] https://www.belden.com/resourcecenter/security/upload/Belden_Security_Advisory_BSECV-2016-2_1v0.pdf

Scores

CVSS v3 5.3

EPSS 0.0003

EPSS Percentile 8.7%

Attack Vector ADJACENT_NETWORK

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-200

Status draft

Affected Products (3)

belden/hirschmann_firmware

belden/hirschmann_l2b

belden/hirschmann_firmware < 09.0.05

Timeline

Published Feb 18, 2016

Tracked Since Feb 18, 2026