Are EOS Switches Vulnerable to SNMP GetBulk attack Reported by NESSUS Tool?

Question
Why does a Nessus scan report the following?

The remote SNMP daemon is responding with a large amount of data to a 'GETBULK' request with a larger than normal value for 'max-repetitions'. A remote attacker can use this SNMP server to conduct a reflected distributed denial of service attack on an arbitrary remote host.

 
Environment
  • S-Series
  • K-Series
  • 7100-Series
  • Securestacks
Answer
EOS is not vulnerable to CVE-2007-5846 because it does not use the net-snmp library. However, EOS's default SNMP configuration, which grants SNMPv1/v2c read access through the default "public" access groups, does leave the switch usable as a reflector for generic SNMP amplification attacks such as the one tested for by Nessus Plugin #76474. The plugin sends a GETBULK request with a large 'max-repetitions' value and flags the device if the response is many times larger than the request; an attacker who spoofs the source address of such a request has that amplified response delivered to the victim.
https://www.tenable.com/plugins/index.php?view=single&id=76474
 Title: SNMP 'GETBULK' Reflection DDoS
 The remote SNMP daemon is affected by a vulnerability that allows a reflected distributed denial of service attack.

The solution is to delete the SNMPv1/v2c "public" access groups that are part of EOS's default configuration. If SNMP access is required, configure an SNMPv3 group using the USM (User-based Security Model) security model, preferably at the authentication-and-privacy security level, so that only authenticated requests are answered and the switch cannot be used as an anonymous reflector.
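As an added illustration (not part of the original article), the EOS CLI sequence below creates an SNMPv3 USM user and access entry and then removes the default SNMPv1/v2c "public" entries. The user, group and view names (netmgr, v3admins, mgmtview) and the password placeholders are assumptions chosen for this example; the "public" entries being cleared are the ones shipped in the EOS default SNMP configuration. Lines beginning with "#" are annotations, not commands. Confirm the exact option order of `set snmp user` against the configuration guide cited in this article before use.

```text
# Create the SNMPv3 (USM) user, group, view and access entry FIRST, so that
# management access is not lost when the v1/v2c entries are removed.
# (names and passwords are placeholders for this example, not EOS defaults)
set snmp user netmgr privacy <privacy-password> authentication sha <auth-password>
set snmp group v3admins user netmgr security-model usm
set snmp view viewname mgmtview subtree 1.3.6.1
set snmp access v3admins security-model usm privacy exact read mgmtview write mgmtview notify mgmtview nonvolatile

# Verify the new entries exist, then test an SNMPv3 authPriv query from the
# management station before removing anything.
show snmp user
show snmp group
show snmp access

# Remove the default SNMPv1/v2c "public" access entries, group mappings and community.
clear snmp access public security-model v1
clear snmp access public security-model v2c
clear snmp group public user public security-model v1
clear snmp group public user public security-model v2c
clear snmp community public

# Confirm no v1/v2c access entry or community remains.
show snmp access
show snmp community
```

After the change, re-run the Nessus plugin or, from a management host with net-snmp installed, a GETBULK with a large repetition count such as `snmpbulkget -v2c -c public -Cr200 <switch-ip> 1.3.6.1.2.1`; the request should time out with no response rather than return a large reply, while the same query over SNMPv3 with the netmgr credentials succeeds.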

See the "Simple Network Management Protocol (SNMP) Configuration: Security Models and Levels" section of the "S- K- and 7100- Series Configuration Guide" for details.


 
Additional notes
CR  man0034127 
 
