1.5.3 Unset 'public' for 'snmp-server community'

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

An SNMP community string permits read-only access to all objects.

The default community string "public" is well known. Using easy to guess, well known community string poses a threat that an attacker can effortlessly gain unauthorized access to the device.

Solution

Disable the default SNMP community string "public"

hostname(config)#no snmp-server community {public}

Impact:

To reduce the risk of unauthorized access, Organizations should disable default, easy to guess, settings such as the 'public' setting for snmp-server community.

See Also

https://workbench.cisecurity.org/benchmarks/17130