[原文]Management information base (MIB) for a 3Com SuperStack II hub running software version 2.10 contains an object identifier (.220.127.116.11.18.104.22.168.4.2) that is accessible by a read-only community string, but lists the entire table of community strings, which could allow attackers to conduct unauthorized activities.
[CNNVD]3Com SuperStack II hub运行软件Management information base (MIB)信息泄露漏洞(CNNVD-199908-057)
3Com SuperStack II集线器运行软件2.10版本的Management information base (MIB)包含可被只读community string访问的对象标识符(.22.214.171.124.126.96.36.199.4.2)，并且列出整个community string表，攻击者可以利用其进行非法活动。
3Com SuperStack II Hub MIB Community String Disclosure
Remote / Network Access
Loss of Confidentiality
Management information base(MIB) for 3Com SuperStack II hub contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an object identifier accessible by a read-only community string leads to lists the entire table of community strings, allowing attackers to conduct unauthorized activities resulting in a loss of confidentiality.
Upgrade 3COM SuperStack II Hub to version 2.12 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.