Through emPSN’s registrations with various security partners we receive information around the IP addresses on the emPSN network, including potential vulnerabilities. Third Party vulnerability data is taken from public reference sources, supplied on an as is basis. Data should be used to confirm and check the posture of the equipment running within your network.
SNMP – Simple Network Management Protocol.
Used by various devices and applications (including firewalls and routers) to communicate logging and management information with remote monitoring applications. Typically, SNMP agents listen on UDP port 161, asynchronous traps are received on port 162.
SNMP ports are utilised via UDP 161 for SNMP Managers communicating with SNMP Agents (i.e. polling) and UDP 162 when agents send unsolicited Traps to the SNMP Manager.
Recommended Actions:
One of the key vulnerabilities of several versions of the SNMP protocol (SNMPv1 and SNMPv2) is that SNMP messages are sent across the network unencrypted, meaning that someone with a packet sniffer can read the community string in plain text.
SNMPv2 introduced the Inform features which allow acknowledgement of the receipt of messages by the manager while the SNMPv3 introduced an enhanced security system that authenticates messages and ensures their privacy especially if they are forwarded through the Internet. We recommend the use of v2 or v3 SNMP as a minimum and disable SNMP v1 controls on equipment.
Questions:
If you have any questions or concerns about this advisory, please contact us via our support desk – support@empsn.org.uk
References:
- CVE.mitre.org is also another useful site and by searching their “CVE list” and typing in the Vulnerability they can help identify and mitigate the issue:
