SNMP information disclosure

Description

It's possible to gather information about the remote host by sending SNMP requests. Simple Network Management Protocol (SNMP) is used in network management systems to monitor network-attached devices for conditions that warrant administrative attention. SNMP exposes management data in the form of variables on the managed systems, which describe the system configuration. These variables can then be queried (and sometimes set) by managing applications.

Remediation

If you are not using SNMP, it's recommended to disabled it. Otherwise, restrict SNMP access to valid users and/or hosts.
The SNMP community string acts as a password for this service. Change the default SNMP community string, choose a strong password.

References
Severity
Classification
Tags
  • Information Disclosure  Configuration  Network Alert