Vulnerability Details : CVE-2008-0960

SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) Juniper Session and Resource Control (SRC) C-series 1.0.0 through 2.0.0; (5) NetApp (aka Network Appliance) Data ONTAP 7.3RC1 and 7.3RC2; (6) SNMP Research before 16.2; (7) multiple Cisco IOS, CatOS, ACE, and Nexus products; (8) Ingate Firewall 3.1.0 and later and SIParator 3.1.0 and later; (9) HP OpenView SNMP Emanate Master Agent 15.x; and possibly other products relies on the client to specify the HMAC length, which makes it easier for remote attackers to bypass SNMP authentication via a length value of 1, which only checks the first byte.
Vulnerability category: BypassGain privilege
Published 2008-06-10 18:32:00
Updated 2018-10-30 16:25:37
Source CERT/CC
View at NVD,   CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2008-0960

Probability of exploitation activity in the next 30 days: 97.13%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 100 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2008-0960

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Source
10.0
HIGH AV:N/AC:L/Au:N/C:C/I:C/A:C
10.0
10.0
[email protected]

CWE ids for CVE-2008-0960

References for CVE-2008-0960

Products affected by CVE-2008-0960

This web site uses cookies for managing your session and website analytics (Google analytics) purposes as described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!