Skip to main content
Computing at CornellCIT Contact Center (HelpDesk)

SNMP Vulnerability Remediation Resources

SNMP vulnerabilities are often detected by the Internet Scanner. SNMP software can run on a variety of systems from PCs and workstations to routers and printers. The vulnerabilities are often detected on printers. This page presents some resources for correcting mis-configured SNMP implemenations on Windows systems and printers, as well as some general background.

From the SANS Institute (for Windows 2000):

Microsoft Windows 2000 Operating System SNMP Vulnerabilities, http://www.sans.org/infosecFAQ/win2000/SNMP.htm

"During the installation of the Microsoft Windows 2000 Operating System SNMP Service, incorrect permissions assigned to the Microsoft Windows 2000 Operating System SNMP Service registry key parameters listed below. As a result, a person can access the parameter information."

From Microsoft Corp. (for Windows 2000 and NT):

Microsoft Security Bulletin (MS00-096), http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/fq00-096.asp

"This vulnerability is, for all practical purposes, the same as the SNMP Parameters vulnerability discussed in Microsoft Security Bulletin MS00-095. Like that vulnerability, this one could enable a malicious user to manage or configure devices on the network."

There are various methods for identifying and applying fixes. Please refer to the general Windows resources page for more information.

Printer vulnerabilities:

Some printers are vulnerable to certain SNMP exploits. Below are some resources to assist in configuring SNMP on networked printers.

General resources for securing HP networked printers including SNMP considerations:
http://www.cit.cornell.edu/computer/security/printers.html

BACKGROUND INFORMATION

From the SANS Institute:

Twenty Most Critical Internal Security Vulnerabilities, http://www.sans.org/top20.htm

"The Simple Network Management Protocol (SNMP) is widely used by network administrators to monitor and administer all types of network-connected devices ranging from routers to printers to computers. SNMP uses an unencrypted "community string" as its only authentication mechanism. Lack of encryption is bad enough, but the default community string used by the vast majority of SNMP devices is "public", with a few "clever" network equipment vendors changing the string to "private" for more sensitive information. Attackers can use this vulnerability in SNMP to reconfigure or shut down devices remotely. Sniffed SNMP traffic can reveal a great deal about the structure of your network, as well as the systems and devices attached to it. Intruders use such information to pick targets and plan attacks."

From Windows 2000 magazine:

Understanding SNMP, http://www.win2000mag.com/Articles/Index.cfm?ArticleID=549

"Simple Network Management Protocol (SNMP) is a vendor-independent protocol for transporting management data between networked devices and applications and the systems that control and monitor those devices and applications. "