
The network element must use different SNMP community names or groups for various levels of read and write access.


Overview

Finding ID: V-3043
Version: NET1675
Rule ID: SV-3043r2_rule
IA Controls: ECSC-1
Severity: Medium
Description
Numerous vulnerabilities exist with SNMP; therefore, without unique SNMP community names, the risk of compromise is dramatically increased. This is especially true of vendors' default community names, which are widely known by hackers and other networking experts. If a hacker gains access to these devices and can easily guess the name, this could result in denial of service, interception of sensitive information, or other destructive actions.
STIG: IPSec VPN Gateway Security Technical Implementation Guide
Date: 2013-10-08

Details

Check Text (C-3825r5_chk)
Review the SNMP configuration of all managed nodes to ensure different community names (V1/2) or groups/users (V3) are configured for read-only and read-write access.
Fix Text (F-3068r2_fix)
Configure the SNMP community strings on the network element and change them from the default values. SNMP community strings and user passwords must be unique and must not match any other network device passwords. Different community strings (V1/2) or groups (V3) must be configured for various levels of read and write access.
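
One way to automate the V1/2 part of the check above across saved device configurations (an added example, not part of the STIG text). It assumes Cisco IOS style `snmp-server community` lines or Net-SNMP `rocommunity`/`rwcommunity` lines; the sample configuration and the short default-name list are constructed for illustration.

```python
import re

# Small sample of well-known default names (assumption; extend per vendor).
DEFAULT_NAMES = {"public", "private"}

# Cisco IOS style: snmp-server community <name> [view <v>] [RO|RW] [acl]
IOS_RE = re.compile(r"^\s*snmp-server\s+community\s+(\S+)(.*)$", re.I)
# Net-SNMP snmpd.conf style: rocommunity / rwcommunity <name> [source ...]
NETSNMP_RE = re.compile(r"^\s*(ro|rw)community6?\s+(\S+)", re.I)

# Constructed sample: one default name, one name reused for RO and RW.
SAMPLE_CONFIG = """\
snmp-server community public RO
snmp-server community N3tM0n-ro RO 10
snmp-server community N3tM0n-ro RW 11
snmp-server community Wr1te-0nly-ops RW 11
"""


def parse_communities(config_text):
    """Return [(community, access)] with access 'ro' or 'rw', in file order."""
    found = []
    for line in config_text.splitlines():
        m = IOS_RE.match(line)
        if m:
            # IOS grants read-only when neither RO nor RW is given.
            access = "rw" if re.search(r"\brw\b", m.group(2), re.I) else "ro"
            found.append((m.group(1), access))
            continue
        m = NETSNMP_RE.match(line)
        if m:
            found.append((m.group(2), m.group(1).lower()))
    return found


def audit(config_text):
    """Flag names shared across access levels and well-known default names."""
    comms = parse_communities(config_text)
    ro = {c for c, a in comms if a == "ro"}
    rw = {c for c, a in comms if a == "rw"}
    findings = [f"shared: {n!r} is used for both read-only and read-write"
                for n in sorted(ro & rw)]
    findings += [f"default: {n!r} is a well-known default community name"
                 for n in sorted(ro | rw) if n.lower() in DEFAULT_NAMES]
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

An empty result means no shared or default community names were found in that file; V3 groups/users and uniqueness across devices still need separate review.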