Multiple Vendor SNMP public Community String Information Disclosure

Medium Nessus Plugin ID 74091

Synopsis

The remote hosts leaks sensitive information when sending SNMP requests using the 'public' SNMP community string.

Description

Nessus was able to enumerate sensitive information on the remote device by sending SNMP requests using 'public' as the SNMP community string.

Solution

Reconfigure or restrict access to the SNMP server.

Plugin Details

Severity: Medium

ID: 74091

File Name: snmp_info_disclosure.nasl

Version: Revision: 1.2

Type: remote

Family: SNMP

Published: 2014/05/19

Updated: 2015/09/24

Dependencies: 10800

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

Required KB Items: SNMP/sysDesc

Exploited by Nessus: true

Vulnerability Publication Date: 2014/05/16