Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-3969 | NET0894 | SV-3969r4_rule | ECSC-1 | Medium |
Description |
---|
Enabling write access to the device via SNMP provides a mechanism that can be exploited by an attacker to set configuration variables that can disrupt network operations. |
STIG | Date |
---|---|
WLAN Access Point (Internet Gateway Only Connection) Security Technical Implementation Guide (STIG) | 2014-12-31 |
Check Text (C-3942r9_chk) |
---|
Review the network device configuration and verify SNMP community strings are read-only when using SNMPv1, v2c, or basic v3 (no authentication or privacy). Write access may be used if authentication is configured when using SNMPv3. If write access is used for SNMP versions 1, 2c, or 3-noAuthNoPriv mode and there is no documented approval by the IAO, this is a finding. |
Fix Text (F-3902r7_fix) |
---|
Configure the network device to allow for read-only SNMP access when using SNMPv1, v2c, or basic v3 (no authentication or privacy). Write access may be used if authentication is configured when using SNMPv3. |
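
One way to automate the configuration review in the check text, as an added example that is not part of the STIG. It assumes Cisco IOS-style `snmp-server` syntax (the STIG itself is vendor-neutral); the sample configuration and the function name `audit_snmp_write_access` are constructed for illustration.

```python
# Added example: flags SNMP write access that the check text treats as a finding.
# Assumes Cisco IOS-style "snmp-server" syntax; the config below is constructed.
SAMPLE_CONFIG = """\
snmp-server community monitor-ro RO 10
snmp-server community netops-rw RW 10
snmp-server community legacy view SYSVIEW rw
snmp-server group OPS v3 priv read ALLVIEW write ALLVIEW
snmp-server group NMS v3 auth write CFGVIEW
snmp-server group OLD v3 noauth read ALLVIEW write ALLVIEW
snmp-server group V2GRP v2c write CFGVIEW
snmp-server group READERS v3 noauth read ALLVIEW
"""


def audit_snmp_write_access(config_text):
    """Return (line_number, kind, reason) for each write-enabled SNMP line
    that lacks SNMPv3 authentication."""
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        tokens = raw.split()
        low = [t.lower() for t in tokens]
        if low[:2] == ["snmp-server", "community"] and len(low) >= 3:
            # tokens[2] is the community string itself: never echo it in a report.
            opts = low[3:]
            if opts[:1] == ["view"]:  # skip "view <name>" so a view named rw is not misread
                opts = opts[2:]
            if "rw" in opts:
                findings.append((lineno, "community",
                                 "v1/v2c community string is read-write"))
        elif low[:2] == ["snmp-server", "group"] and len(low) >= 4:
            model = low[3]
            level = low[4] if model == "v3" and len(low) > 4 else None
            no_auth = model in ("v1", "v2c") or level == "noauth"
            if no_auth and "write" in low[4:]:
                findings.append((lineno, "group " + tokens[2],
                                 model + " group has a write view without authentication"))
    return findings


if __name__ == "__main__":
    for lineno, kind, reason in audit_snmp_write_access(SAMPLE_CONFIG):
        print(f"line {lineno}: {kind}: {reason} "
              "(finding unless IAO approval is documented)")
```

SNMPv3 groups at the `auth` or `priv` level are not reported, matching the allowance for write access when authentication is configured.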