UCF STIG Viewer Logo

The network device must not use the default or well-known SNMP community strings public and private.


Overview

Finding ID Version Rule ID IA Controls Severity
V-3210 NET1665 SV-3210r4_rule High
Description
Network devices may be distributed by the vendor pre-configured with an SNMP agent using the well-known SNMP community strings public for read only and private for read and write authorization. An attacker can obtain information about a network device using the read community string "public". In addition, an attacker can change a system configuration using the write community string "private".
STIG Date
Perimeter Router Security Technical Implementation Guide 2018-11-28

Details

Check Text ( C-3822r7_chk )
Review the network devices configuration and verify if either of the SNMP community strings "public" or "private" is being used.

If default or well-known community strings are used for SNMP, this is a finding.
Fix Text (F-3235r4_fix)
Configure unique SNMP community strings replacing the default community strings.