SNMP : Default community names of the SNMP Agent

Price/Feature Summary | Order | New Vulnerabilities | Confidentiality | Vulnerability Search

Vulnerability Search		Search 61204 CVE descriptions and 32582 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.10264

Category: SNMP

Title: Default community names of the SNMP Agent

Summary: Default community names of the SNMP Agent

Description: Overview:
Simple Network Management Protocol (SNMP) is a protocol
which can be used by administrators to remotely manage a computer or network
device. There are typically 2 modes of remote SNMP monitoring. These modes
are roughly 'READ' and 'WRITE' (or PUBLIC and PRIVATE).

Impact:
If an attacker is able to guess a PUBLIC community string, they would be able to
read SNMP data (depending on which MIBs are installed) from the remote device.
This information might include system time, IP addresses, interfaces, processes
running, etc.

If an attacker is able to guess a PRIVATE community string (WRITE or 'writeall'
access), they will have the ability to change information on the remote machine.
This could be a huge security hole, enabling remote attackers to wreak complete
havoc such as routing network traffic, initiating processes, etc. In essence,
'writeall' access will give the remote attacker full administrative rights over the
remote machine.

Recommendation:
Disable the SNMP service if you don't use it or change the default community string.

Cross-Ref: BugTraq ID: 11237
BugTraq ID: 10576
BugTraq ID: 177
BugTraq ID: 2112
BugTraq ID: 6825
BugTraq ID: 7081
BugTraq ID: 7212
BugTraq ID: 7317
BugTraq ID: 9681
BugTraq ID: 986
Common Vulnerability Exposure (CVE) ID: CVE-1999-0517
Common Vulnerability Exposure (CVE) ID: CVE-1999-0186
Sun Security Bulletin: 00178
XForce ISS Database: snmp-backdoor-access
Common Vulnerability Exposure (CVE) ID: CVE-1999-0254
ISS Security Advisory: Hidden SNMP community in HP OpenView
XForce ISS Database: hpov-hidden-snmp-comm
Common Vulnerability Exposure (CVE) ID: CVE-1999-0516

Copyright This script is Copyright (C) 1999 SecuriTeam

This is only one of 32582 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

New User Registration
Email:

UserID:

Passwd:

Please email me your monthly newsletters, informing the latest services, improvements & surveys.

Please email me a vulnerability test announcement whenever a new test is added.

Privacy

Registered User Login

UserID:

Passwd:

Forgot userid or passwd?

Email/Userid:

Test ID:	1.3.6.1.4.1.25623.1.0.10264
Category:	SNMP
Title:	Default community names of the SNMP Agent
Summary:	Default community names of the SNMP Agent
Description:	Overview: Simple Network Management Protocol (SNMP) is a protocol which can be used by administrators to remotely manage a computer or network device. There are typically 2 modes of remote SNMP monitoring. These modes are roughly 'READ' and 'WRITE' (or PUBLIC and PRIVATE). Impact: If an attacker is able to guess a PUBLIC community string, they would be able to read SNMP data (depending on which MIBs are installed) from the remote device. This information might include system time, IP addresses, interfaces, processes running, etc. If an attacker is able to guess a PRIVATE community string (WRITE or 'writeall' access), they will have the ability to change information on the remote machine. This could be a huge security hole, enabling remote attackers to wreak complete havoc such as routing network traffic, initiating processes, etc. In essence, 'writeall' access will give the remote attacker full administrative rights over the remote machine. Recommendation: Disable the SNMP service if you don't use it or change the default community string.
Cross-Ref:	BugTraq ID: 11237 BugTraq ID: 10576 BugTraq ID: 177 BugTraq ID: 2112 BugTraq ID: 6825 BugTraq ID: 7081 BugTraq ID: 7212 BugTraq ID: 7317 BugTraq ID: 9681 BugTraq ID: 986 Common Vulnerability Exposure (CVE) ID: CVE-1999-0517 Common Vulnerability Exposure (CVE) ID: CVE-1999-0186 Sun Security Bulletin: 00178 XForce ISS Database: snmp-backdoor-access Common Vulnerability Exposure (CVE) ID: CVE-1999-0254 ISS Security Advisory: Hidden SNMP community in HP OpenView XForce ISS Database: hpov-hidden-snmp-comm Common Vulnerability Exposure (CVE) ID: CVE-1999-0516
Copyright	This script is Copyright (C) 1999 SecuriTeam