Simple Network Management Protocol (SNMP) Private Access

Impact

Several vendors have poorly protected "private" Management Information Blocks (MIBs) that can control the target.

Resolution

Determine if your host requires SNMP. On many systems it is installed "out of the box". Unless your enterprise uses SNMP for system management, it may be prudent to simply "turn it off". Check with your vendor on the easiest method for deactivating SNMP.

If SNMP is required, check with your network management group to see if access can be limited to the enterprise. Routers and firewalls provide this facility.

CVE Reference(s):