Multiple Vendor SNMP public Community String Information Disclosure

medium Nessus Plugin ID 74091

Synopsis

The remote hosts leaks sensitive information when sending SNMP requests using the 'public' SNMP community string.

Description

Nessus was able to enumerate sensitive information on the remote device by sending SNMP requests using 'public' as the SNMP community string.

Solution

Reconfigure or restrict access to the SNMP server.

Plugin Details

Severity: Medium

ID: 74091

File Name: snmp_info_disclosure.nasl

Version: Revision: 1.2

Type: remote

Family: SNMP

Published: 5/19/2014

Updated: 9/24/2015

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

Required KB Items: SNMP/sysDesc

Exploited by Nessus: true

Vulnerability Publication Date: 5/16/2014