The network device must only allow SNMP read-only access.

From Firewall Security Technical Implementation Guide - Cisco

Part of Network element must only allow SNMP read access.

Associated with IA controls: ECSC-1

SV-41513r2_rule The network device must only allow SNMP read-only access.

Vulnerability discussion

Enabling write access to the router via SNMP provides a mechanism that can be exploited by an attacker to set configuration variables that can disrupt network operations.

Check content

The ASA appliance can send SNMP traps and can be polled via SNMP. However, it does not allow SNMP write access. This requirement will not be a finding.

Fix text

The ASA appliance can send SNMP traps and can be polled via SNMP. However, it does not allow SNMP write access. This requirement will not be a finding.
