Cisco Warns of SNMP Vulnerability
By Joab Jackson
Researchers have found a pair of vulnerabilities in version 3 of the Simple
Network Management Protocol (SNMPv3) that could allow attackers to gather system
data or even change network equipment configurations, according to an advisory
issued by Cisco Systems earlier this week.
SNMP is a standardized protocol used for remotely monitoring and managing network
devices. The security weakness can be exploited by sending malformed SNMPv3 messages.
Machines running SNMPv3 will accept incomplete authentication packets, allowing
a malicious user with a valid username for that machine to guess at authentication
Multiple Cisco products are vulnerable to this exploitation, though SNMP is
disabled by default in Cisco gear. Equipment running the Cisco IOS, CatOS and
the IOS-XR operating systems may be vulnerable. Administrators should log in
to such equipment to find out which version of SNMP the equipment runs. Only
version 3 of SNMP is affected.
Cisco's advisory offers links to patches and describes how administrators can
change their equipment's setting to guard against exploitation.
In addition to certain Cisco products, network equipment by other vendors using
SNMPv3 may also be affected, including gear sold by 3Com, Apple Computer, Avaya,
CA, EMC, Hewlett-Packard, Juniper Networks, McAfee, Network Appliance, Red Hat,
Sun Microsystems and others, according to the United States Computer Emergency
Response Team (US-CERT).
This vulnerability has been assigned Vulnerability Note VU#878044 by US-CERT
and identifier CVE-2008-0960 in the Common
Vulnerabilities and Exposures (CVE) database.
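The "incomplete authentication packets" problem described above comes down to a length check on the SNMPv3 authentication field. The Python sketch below is an added illustration, not code from Cisco, US-CERT or any affected product: it puts a check that trusts the sender's length beside one that insists on the full 12-byte HMAC-MD5-96 value defined in RFC 3414. The function names, key and message are constructed for the example, and the message bytes are assumed to already have the authentication field zeroed as the protocol requires.

```python
import hashlib
import hmac

AUTH_PARAM_LEN = 12  # HMAC-MD5-96 carries a MAC truncated to 12 bytes (RFC 3414)

# Constructed sample values; a real agent uses the user's localized authKey.
KEY = b"0123456789abcdef"
MSG = b"constructed SNMPv3 message, auth field zeroed"


def expected_mac(auth_key: bytes, whole_msg: bytes) -> bytes:
    """Compute the MAC the receiver expects, truncated to 96 bits."""
    return hmac.new(auth_key, whole_msg, hashlib.md5).digest()[:AUTH_PARAM_LEN]


def verify_flawed(auth_key: bytes, whole_msg: bytes, received: bytes) -> bool:
    """The mistake: compare only as many bytes as the sender supplied."""
    n = len(received)
    return expected_mac(auth_key, whole_msg)[:n] == received


def verify_strict(auth_key: bytes, whole_msg: bytes, received: bytes) -> bool:
    """Reject any field that is not exactly 12 bytes, then compare in
    constant time so the check leaks nothing about matching prefixes."""
    if len(received) != AUTH_PARAM_LEN:
        return False
    return hmac.compare_digest(expected_mac(auth_key, whole_msg), received)


def compare_checks() -> dict:
    """Run both checks on a full MAC and on a one-byte fragment of it."""
    full = expected_mac(KEY, MSG)
    short = full[:1]  # an "incomplete" authentication field
    return {
        "full_flawed": verify_flawed(KEY, MSG, full),
        "full_strict": verify_strict(KEY, MSG, full),
        "short_flawed": verify_flawed(KEY, MSG, short),
        "short_strict": verify_strict(KEY, MSG, short),
    }


if __name__ == "__main__":
    for name, accepted in compare_checks().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```

When the receiver compares only the bytes it was sent, a one-byte field has just 256 possible values, which is why the length has to be enforced before the comparison.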
Joab Jackson is the chief technology editor of Government Computing News (GCN.com).