Strix
26.1K

CVE-2006-4950

UnknownEPSS 5.67%

Last modified

CVE-2006-4950 is a vulnerability of currently unknown severity. Cisco IOS 12.2 through 12.4 before 20060920, as used by Cisco IAD2430, IAD2431, and IAD2432 Integrated Access Devices, the VG224 Analog Phone Gateway, and the MWR 1900 and 1941 Mobile Wireless Edge Routers, is incorrectly identified as supporting DOCSIS, which allows remote attackers to gain read-write access via a hard-coded cable-docsis community string and read or modify arbitrary SNMP variables.. EPSS estimates a 5.67% chance of exploitation in the next 30 days.

Description

Cisco IOS 12.2 through 12.4 before 20060920, as used by Cisco IAD2430, IAD2431, and IAD2432 Integrated Access Devices, the VG224 Analog Phone Gateway, and the MWR 1900 and 1941 Mobile Wireless Edge Routers, is incorrectly identified as supporting DOCSIS, which allows remote attackers to gain read-write access via a hard-coded cable-docsis community string and read or modify arbitrary SNMP variables.

Metrics

EPSS Probability
5.67%

92.0th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

VendorProductVersions
CiscoIos<= 12.3
CiscoIos12.3\(1a\)
CiscoIos12.3\(2\)ja
CiscoIos12.3\(2\)ja5
CiscoIos12.3\(2\)jk
CiscoIos12.3\(2\)jk1
CiscoIos12.3\(2\)t3
CiscoIos12.3\(2\)t8
CiscoIos12.3\(2\)xa4
CiscoIos12.3\(2\)xa5
CiscoIos12.3\(2\)xc1
CiscoIos12.3\(2\)xc2
CiscoIos12.3\(2\)xc3
CiscoIos12.3\(2\)xc4
CiscoIos12.3\(2\)xe3
CiscoIos12.3\(2\)xe4
CiscoIos12.3\(3e\)
CiscoIos12.3\(3h\)
CiscoIos12.3\(3i\)
CiscoIos12.3\(4\)eo1
CiscoIos12.3\(4\)ja
CiscoIos12.3\(4\)ja1
CiscoIos12.3\(4\)t
CiscoIos12.3\(4\)t1
CiscoIos12.3\(4\)t2
CiscoIos12.3\(4\)t3
CiscoIos12.3\(4\)t4
CiscoIos12.3\(4\)t8
CiscoIos12.3\(4\)tpc11a
CiscoIos12.3\(4\)xd
CiscoIos12.3\(4\)xd1
CiscoIos12.3\(4\)xd2
CiscoIos12.3\(4\)xe4
CiscoIos12.3\(4\)xg1
CiscoIos12.3\(4\)xg2
CiscoIos12.3\(4\)xg4
CiscoIos12.3\(4\)xg5
CiscoIos12.3\(4\)xh
CiscoIos12.3\(4\)xk
CiscoIos12.3\(4\)xk1
CiscoIos12.3\(4\)xk3
CiscoIos12.3\(4\)xk4
CiscoIos12.3\(4\)xq
CiscoIos12.3\(4\)xq1
CiscoIos12.3\(5\)
CiscoIos12.3\(5\)b1
CiscoIos12.3\(5a\)
CiscoIos12.3\(5a\)b
CiscoIos12.3\(5a\)b2
CiscoIos12.3\(5a\)b5

Showing 50 of 228 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2006-4950?
Cisco IOS 12.2 through 12.4 before 20060920, as used by Cisco IAD2430, IAD2431, and IAD2432 Integrated Access Devices, the VG224 Analog Phone Gateway, and the MWR 1900 and 1941 Mobile Wireless Edge Routers, is incorrectly identified as supporting DOCSIS, which allows remote attackers to gain read-write access via a hard-coded cable-docsis community string and read or modify arbitrary SNMP variables.
How severe is CVE-2006-4950?
Severity scoring for CVE-2006-4950 is pending analysis. The EPSS model estimates a 5.67% probability of exploitation in the next 30 days.
How do I fix CVE-2006-4950?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2006-4950?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST