
The network device must only allow SNMP read-only access.


Overview

Finding ID: V-3969
Version: NET0894
Rule ID: SV-3969r3_rule
IA Controls: ECSC-1
Severity: Medium
Description
Enabling write access to the device via SNMP provides a mechanism that can be exploited by an attacker to set configuration variables that can disrupt network operations.
STIG: Infrastructure L3 Switch Security Technical Implementation Guide
Date: 2013-10-08

Details

Check Text (C-3942r9_chk)
Review the network device configuration and verify SNMP community strings are read-only when using SNMPv1, v2c, or basic v3 (no authentication or privacy). Write access may be used if authentication is configured when using SNMPv3.

If write access is used for SNMP versions 1, 2c, or 3-noAuthNoPriv mode and there is no documented approval by the IAO, this is a finding.
Fix Text (F-3902r7_fix)
Configure the network device to allow for read-only SNMP access when using SNMPv1, v2c, or basic v3 (no authentication or privacy). Write access may be used if authentication is configured when using SNMPv3.
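
The check above, automated over a saved configuration, as an added example that is not part of the STIG. It assumes Cisco IOS-style `snmp-server community` and `snmp-server group` lines (the STIG text names no vendor syntax); the sample configuration is constructed, and the `approved` parameter standing in for documented IAO approval is hypothetical.

```python
import re

# Constructed sample in Cisco IOS-style syntax (an assumption; the STIG text is vendor-neutral).
SAMPLE_CONFIG = """\
hostname lab-sw1
snmp-server community monitorRO RO 10
snmp-server community netops RW 10
snmp-server community legacy
snmp-server group OPS-V2 v2c read ALL write ALL
snmp-server group NOAUTH v3 noauth read ALL write ALL
snmp-server group ADMINS v3 priv read ALL write ALL
snmp-server group READERS v3 noauth read ALL
"""

COMMUNITY = re.compile(r"^snmp-server community (\S+)(.*)$", re.I)
GROUP = re.compile(r"^snmp-server group (\S+) (v1|v2c|v3)(?: (auth|noauth|priv))?\b(.*)$", re.I)


def _has_write_view(tokens):
    # Group options are "keyword argument" pairs; stepping by two keeps a
    # view that is merely named "write" from being read as the keyword.
    return any(t.lower() == "write" for t in tokens[::2])


def find_snmp_write_access(config, approved=()):
    """Return (line_no, name, reason) for write access the check text flags.
    approved: names with documented IAO approval (hypothetical parameter)."""
    findings = []
    for no, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if m := COMMUNITY.match(line):
            name, opts = m.group(1), m.group(2).split()
            if opts[:1] and opts[0].lower() == "view":
                opts = opts[2:]  # drop "view <name>" so the name is not read as RO/RW
            # With no RO/RW keyword, IOS treats the community as read-only.
            if opts[:1] and opts[0].upper() == "RW" and name not in approved:
                findings.append((no, name, "SNMPv1/v2c community with write access"))
        elif m := GROUP.match(line):
            name, ver, level = m.group(1), m.group(2).lower(), (m.group(3) or "noauth").lower()
            weak = ver in ("v1", "v2c") or level == "noauth"
            if weak and _has_write_view(m.group(4).split()) and name not in approved:
                findings.append((no, name, f"{ver} group without authentication has a write view"))
    return findings


if __name__ == "__main__":
    for finding in find_snmp_write_access(SAMPLE_CONFIG):
        print(finding)
```

The SNMPv3 group with `priv` and a write view is not reported, matching the allowance for write access when authentication is configured.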