UCF STIG Viewer Logo

Network devices must only allow SNMP read-only access.


Overview

Finding ID Version Rule ID IA Controls Severity
V-3969 NET0894 SV-3969r5_rule Medium
Description
Enabling write access to the device via SNMP provides a mechanism that can be exploited by an attacker to set configuration variables that can disrupt network operations.
STIG Date
Layer 2 Switch Security Technical Implementation Guide 2017-12-07

Details

Check Text ( C-3942r10_chk )
Review the network device configuration and verify SNMP community strings are read-only when using SNMPv1, v2c, or basic v3 (no authentication or privacy). Write access may be used if authentication is configured when using SNMPv3.

If write-access is used for SNMP versions 1, 2c, or 3-noAuthNoPriv mode and there is no documented approval by the ISSO, this is a finding.
Fix Text (F-3902r7_fix)
Configure the network device to allow for read-only SNMP access when using SNMPv1, v2c, or basic v3 (no authentication or privacy). Write access may be used if authentication is configured when using SNMPv3.