| VID |
20045 |
| Severity |
20 |
| Port |
161 |
| Protocol |
UDP |
| Class |
SNMP |
| Detailed Description |
The SNMP version 1 is detected.
SNMP (Simple Network Management Protocol) is a widely deployed protocol that is commonly used to monitor and manage network devices. Nearly every operating system, router, switch, cable or DSL modem, and firewall is shipped with an SNMP service. Version 1 of the protocol (SNMPv1) defines several types of SNMP messages that are used to request information or configuration changes, respond to requests, enumerate SNMP objects, and send unsolicited alerts.
Numerous vulnerabilities have been reported in multiple vendors' SNMP implementations. These vulnerabilities may allow unauthorized privileged access, denial-of-service attacks, or cause unstable behavior. Some vulnerabilities do not require the SNMP message to use the correct SNMP community string.
* References:
http://www.cert.org/advisories/CA-2002-03.html
http://www.ciac.org/ciac/bulletins/m-042.shtml
http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/snmpv1/
* Platforms Affected:
SNMP version 1 |
| Recommendation |
1. If SNMP is not needed in your environment, consider disabling SNMP service completely.
2. Filter SNMP traffic from untrusted hosts.
3. Change default community strings
Most SNMP-enabled products ship with default community strings of "public" for read-only access and "private" for read-write access. Recommend that network administrators change these community strings to something of their own choosing.
4. Contact your vendor for patch and upgrade information. CERT Advisory CA-2002-03 includes details about the vulnerabilities and updates for many SNMP vendors. This document is available at http://www.cert.org/advisories/CA-2002-03.html |
| Related URL |
CVE-1999-0615 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
8205 (ISS) |
|
