The network device must only allow SNMP read-only access.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-3969 | NET0894 | SV-41513r2_rule | ECSC-1 | Medium |
| Description |
|---|
| Enabling write access to the router via SNMP provides a mechanism that can be exploited by an attacker to set configuration variables that can disrupt network operations. |
| STIG | Date |
|---|---|
| Firewall Security Technical Implementation Guide - Cisco | 2017-12-07 |
Details
| Check Text ( C-39993r4_chk ) |
|---|
| The ASA appliance can send SNMP traps and can be polled via SNMP. However, it does not allow SNMP write access. This requirement will not be a finding. |
| Fix Text (F-40479r2_fix) |
|---|
| The ASA appliance can send SNMP traps and can be polled via SNMP. However, it does not allow SNMP write access. This requirement will not be a finding. |