3COM-06-004
3Com Switch Information Disclosure
October 19, 2006
CVE ID:
CVE-2006-5382
Affected Vendor:
3Com
Affected Products:
3Com SS3 4400/4400PWR/4400SE/4400FX
Switch firmware versions 5.11, 6.00 and 6.10 or earlier
Part Numbers 3C17203, 3C17204, 3C17205, 3C17210, 3C17207,
Severity Assessment: Medium
Vulnerability Details:
3Com has identified a vulnerability in the SS3 4400 switch product. It allows a remote attacker on the management VLAN to obtain the switch's SNMP read-write community string. The disclosure itself is limited to that string, but an attacker who obtains it could perform a variety of management operations on the switch, including disabling ports and possibly reconfiguring VLANs.
The flaw exists because the device improperly handles certain normally restricted management packets; its response to such a packet contains the read-write community string.
The vulnerability cannot be exploited from outside the management VLAN.
Update Availability:
An update for this issue is available to customers with a software maintenance agreement, or through 3Com's Partner Access site at http://pa.3com.com.
Workarounds:
- Only network equipment should be an untagged member of the management VLAN. Do not place end-user ports in this VLAN.
- Disable all other access for the monitor and manager access levels; use them only for SNMP read-only and read-write access respectively. Disable SNMPv1 for the security access level.
- If a network management system is in use, configure a different community string on each network device where possible.
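The following is an added example, not code from 3Com or from this advisory. It audits a switch inventory against the Affected Products list above and against two of the workarounds (SNMPv1 disabled, a distinct read-write community string per device). The inventory format (a list of records with hostname, part number, firmware version, enabled SNMP versions and read-write community string) and all sample records are constructed assumptions; the advisory ties the SNMPv1 recommendation to the security access level, which the sample data simplifies to a per-device flag. Because the advisory names no fixed firmware version, listed hardware running something newer than 6.10 is reported as "unconfirmed" rather than safe.

```python
"""Audit a switch inventory against 3COM-06-004 (CVE-2006-5382).

Added example, not 3Com's code. The inventory schema and the sample
records are constructed for illustration.
"""
from collections import defaultdict

# Part numbers and firmware cut-off taken from the advisory text.
AFFECTED_PART_NUMBERS = {"3C17203", "3C17204", "3C17205", "3C17210", "3C17207"}
MAX_AFFECTED_VERSION = (6, 10)   # "5.11, 6.00 and 6.10 or earlier"


def parse_version(text):
    """'6.10' -> (6, 10). Tuples compare numerically, so (6, 10) > (6, 9)."""
    major, minor = text.strip().split(".", 1)
    return (int(major), int(minor))


def classify(part_number, firmware):
    """Return 'affected', 'unconfirmed' or 'not_listed'.

    'unconfirmed' covers listed hardware on firmware newer than 6.10: the
    advisory gives no fixed version, so the device still needs checking.
    """
    if part_number.upper() not in AFFECTED_PART_NUMBERS:
        return "not_listed"
    if parse_version(firmware) <= MAX_AFFECTED_VERSION:
        return "affected"
    return "unconfirmed"


def audit(inventory):
    """Return {hostname: [findings]} for every device with at least one finding.

    Findings:
      'affected'        listed part number on firmware 6.10 or earlier
      'unconfirmed'     listed part number on newer firmware (verify update)
      'snmpv1_enabled'  SNMPv1 still enabled (workaround: disable it)
      'shared_rw'       read-write community string reused on another device
    """
    findings = defaultdict(list)
    rw_owners = defaultdict(list)
    for dev in inventory:
        host = dev["host"]
        status = classify(dev["part"], dev["firmware"])
        if status != "not_listed":
            findings[host].append(status)
        if "v1" in dev["snmp_versions"]:
            findings[host].append("snmpv1_enabled")
        rw_owners[dev["rw_community"]].append(host)
    # A community string known to one compromised switch unlocks every
    # other switch that shares it, which is why the advisory asks for
    # per-device strings.
    for hosts in rw_owners.values():
        if len(hosts) > 1:
            for host in hosts:
                findings[host].append("shared_rw")
    return dict(findings)


# Constructed sample inventory: hypothetical hosts, strings and a
# hypothetical non-listed part number (3C99999).
SAMPLE_INVENTORY = [
    {"host": "sw-floor1", "part": "3c17203", "firmware": "6.10",
     "snmp_versions": ["v1", "v2c"], "rw_community": "netops-rw"},
    {"host": "sw-floor2", "part": "3C17204", "firmware": "6.12",
     "snmp_versions": ["v2c"], "rw_community": "netops-rw"},
    {"host": "sw-lab", "part": "3C17207", "firmware": "5.11",
     "snmp_versions": ["v2c"], "rw_community": "lab-only-rw"},
    {"host": "sw-core", "part": "3C99999", "firmware": "6.00",
     "snmp_versions": ["v1"], "rw_community": "core-rw"},
]

if __name__ == "__main__":
    for host, issues in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{host}: {', '.join(issues)}")
```

Part numbers are compared case-insensitively because inventories often record them in mixed case (as this advisory itself does). The version parser assumes the two-field "major.minor" form the advisory uses; adapt it if your inventory records build numbers.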
Credit:
This vulnerability was discovered by Andrew Brennan.
Support:
3Com's Knowledgebase and Technical Support Services are available on a 24x7 basis via http://knowledgebase.3com.com/ and http://www.3com.com/products/en_US/supportindex.jsp
3Com customers with a current Professional Services contract receive immediate incident support for any incident involving a 3Com product, solution, or service, whether or not a specific issue has yet been identified. Current 3Com customers with Professional Services contracts entitled to software updates should use their usual mechanism for receiving security-related software updates.
3Com responds to all support-contract related enquiries from current customers within 24 hours, and immediately upon notification and receipt into 3Com's call centers. 3Com will respond to any possible threat to its products, services, or solutions in the same manner.
3Com customers without a current Professional Services contract will receive incident support if the issue involves a security vulnerability in a 3Com product, solution, or service that 3Com has recognized and acknowledged, or if the 3Com product, solution, or service is alleged to have one during the assessment by the 3Com First Responder, technician, or coordinator.
How To Contact 3Com on Non-Security Related Issues
If an incident or issue has arisen either directly or indirectly with a 3Com product, solution, or service, but is not considered high risk or of an emergency nature, please contact 3Com's Technical Support organization, or visit our Customer Support Organization website at http://www.3com.com/products/en_US/supportindex.jsp.
Please visit http://csoweb4.3com.com/contactus/ for a complete interactive directory for contacting 3Com's support and Global Services Organization by phone from anywhere in the world for non-security related issues. Some support services may require a current contract with 3Com support and Professional Services.