• Product Information
• Security Products Overview
• Juniper Networks ISG Series
• IDP Demo
• Product Poster & Z-Card 

Title: Multiple Vendor SNMP World Writeable Community Vulnerability

Severity: HIGH

Description:

In a number of network devices/operating systems, some default communites are world-writeable and therefore allow remote users to configure properties of the device/OS without any authorization (other than knowledge of the community name).

Some of the common default communities/vendors are:

public (ascend,cisco,bay networks (nortel),microsoft,sun,3com, aix)
private (cisco,bay networks (nortel),microsoft,3com, brocade, aix, netapp)
write (ascend, very common)
"all private" (sun)
monitor (3com)
manager (3com)
security (3com)
OrigEquipMfr (brocade)
"Secret C0de" (brocade)
admin
default
password
tivoli
openview
community
snmp
snmpd
system (aix, others)
the name of the router (e.g. 'gate')

The attacks can include manipulating routing tables and corrupting ARP caches, which can lead to further compromise. This type of vulnerability has been seen for quite some time; more information on it is listed in the credit section.

NOTE: There may be more products shipping with default read/writeable communities. If you have any more information on what may be vulnerable (more specific firmware versions or corrections), email <vuldb@securityfocus.com>.

Affected Products:

• Ascom COLTSOHO 2.0.21
• Brocade Fabric OS 2.1.2
• Cisco IOS 11.2
• Cray MatchBox Router 2.0.1
• Microsoft Windows 98
• Microsoft Windows NT 4.0
• Microsoft Windows NT Enterprise Server 4.0
• Microsoft Windows NT Server 4.0
• Microsoft Windows NT Terminal Server 4.0
• Microsoft Windows NT Workstation 4.0
• Sun Solaris 2.6
• Xyplex Router 6.1.1

References:

• Alhambra: Phrack Issue Fifty, Article 7 - SNMP Insecurities

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.