The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Cisco Catalyst: code execution via NAM

Synthesis of the vulnerability 

An attacker can send spoofed SNMP packets in order to obtain complete control of the system.
Vulnerable software: Cisco Catalyst.
Severity of this announce: 4/4.
Creation date: 28/02/2007.
Références of this computer vulnerability: 81863, BID-22751, cisco-sa-20070228-nam, CSCsd75273, CSCse39848, CSCse52951, CVE-2007-1257, VIGILANCE-VUL-6595, VU#472412.

Description of the vulnerability 

The NAM (Network Analysis Module) optional module permits to monitor and analyze network traffic. It uses SNMP to communicate with the Catalyst system.

However, an attacker can send a SNMP packet with a spoofed source address from NAM and a destination address of Catalyst system. This packet leads to complete control of the system.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This cybersecurity announce impacts software or systems such as Cisco Catalyst.

Our Vigil@nce team determined that the severity of this threat alert is critical.

The trust level is of type confirmed by the editor, with an origin of internet client.

An attacker with a expert ability can exploit this computer weakness alert.

Solutions for this threat 

Cisco Catalyst: version for NAM.
Cisco's announces indicate corrected versions and workarounds.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service 

Vigil@nce provides a networks vulnerabilities database. The Vigil@nce vulnerability database contains several thousand vulnerabilities.