Vulnerability Remediation: 41028 SNMP Agent Default Community Name (public)

"SNMP Agent Default Community Name (public)" is both a vulnerability and the specific Nessus plugin (ID 41028) that flags devices using the default community string "public" for Simple Network Management Protocol (SNMP). This is a security risk because attackers can easily guess "public" to gain unauthorized read access to network device information and potentially alter its configuration. To fix this, change the default community string on the device to a strong, unique one or, preferably, migrate to the more secure SNMPv3.
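
One way to check a Net-SNMP host for the condition this plugin reports, as an added example that is not from the original page: the script audits an snmpd.conf for v1/v2c directives that still use a default community name and runs it over a constructed weak config and a constructed SNMPv3 config. The function names, the sample files, the user name "monitor", and treating "private" as a default alongside "public" are assumptions.

```shell
#!/bin/sh
# Added example: audit a Net-SNMP snmpd.conf for default community names.
# Assumption: "public" and "private" are the names treated as defaults.
DEFAULT_COMMUNITIES='public private'

# audit_snmpd_conf FILE
# Prints each offending line; returns 1 if any were found, 2 if unreadable.
audit_snmpd_conf() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    awk -v defaults="$DEFAULT_COMMUNITIES" '
        BEGIN { n = split(defaults, d, " "); for (i = 1; i <= n; i++) bad[d[i]] = 1 }
        /^[ \t]*#/ || NF == 0 { next }      # skip comments and blank lines
        {
            # rocommunity|rwcommunity[6] COMMUNITY [SOURCE [OID]]
            # com2sec[6] [-Cn CONTEXT] SECNAME SOURCE COMMUNITY
            comm = ""
            if ($1 ~ /^r[ow]community6?$/) comm = $2
            else if ($1 ~ /^com2sec6?$/) comm = ($2 == "-Cn") ? $6 : $4
            if (comm in bad) { printf "%s:%d: %s\n", FILENAME, NR, $0; found++ }
        }
        END { exit (found > 0) }
    ' "$1"
}

# Constructed sample configs: one as a scanner would flag it, and one that
# uses an SNMPv3 authPriv user instead (passphrases are placeholders).
write_samples() {
    cat > "$1/weak.conf" <<'EOF'
rocommunity public
rwcommunity private 192.0.2.0/24
com2sec readonly default public
EOF
    cat > "$1/hardened.conf" <<'EOF'
# rocommunity public   (old default, disabled)
agentaddress udp:127.0.0.1:161
createUser monitor SHA-256 "AUTH-PASSPHRASE-PLACEHOLDER" AES "PRIV-PASSPHRASE-PLACEHOLDER"
rouser monitor priv
EOF
}

samples=$(mktemp -d)
write_samples "$samples"
for f in "$samples/weak.conf" "$samples/hardened.conf"; do
    if audit_snmpd_conf "$f"; then echo "PASS $f"; else echo "FAIL $f"; fi
done
```

On a real host, point audit_snmpd_conf at /etc/snmp/snmpd.conf and restart snmpd after changing the configuration.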

 

Commands to check SNMP services and ports

ps aux | grep snmp

systemctl status snmpd

sudo netstat -anu | grep 161

sudo ss -anu | grep 161

root@instance-webvm:~# apt install snmp
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed:
  libsnmp-base libsnmp40t64
Suggested packages:
  snmp-mibs-downloader
The following NEW packages will be installed:
  libsnmp-base libsnmp40t64 snmp
0 upgraded, 3 newly installed, 0 to remove and 137 not upgraded.
Need to get 1452 kB of archives.
After this operation, 5221 kB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 http://us-central1.gce.archive.ubuntu.com/ubuntu noble-updates/main amd64 libsnmp-base all 5.9.4+dfsg-1.1ubuntu3.1 [206 kB]
Get:2 http://us-central1.gce.archive.ubuntu.com/ubuntu noble-updates/main amd64 libsnmp40t64 amd64 5.9.4+dfsg-1.1ubuntu3.1 [1066 kB]
Get:3 http://us-central1.gce.archive.ubuntu.com/ubuntu noble-updates/main amd64 snmp amd64 5.9.4+dfsg-1.1ubuntu3.1 [180 kB]
Fetched 1452 kB in 0s (11.8 MB/s)
Selecting previously unselected package libsnmp-base.
(Reading database ... 143395 files and directories currently installed.)
Preparing to unpack .../libsnmp-base_5.9.4+dfsg-1.1ubuntu3.1_all.deb ...
Unpacking libsnmp-base (5.9.4+dfsg-1.1ubuntu3.1) ...
Selecting previously unselected package libsnmp40t64:amd64.
Preparing to unpack .../libsnmp40t64_5.9.4+dfsg-1.1ubuntu3.1_amd64.deb ...
Unpacking libsnmp40t64:amd64 (5.9.4+dfsg-1.1ubuntu3.1) ...
Selecting previously unselected package snmp.
Preparing to unpack .../snmp_5.9.4+dfsg-1.1ubuntu3.1_amd64.deb ...
Unpacking snmp (5.9.4+dfsg-1.1ubuntu3.1) ...
Setting up libsnmp-base (5.9.4+dfsg-1.1ubuntu3.1) ...
Setting up libsnmp40t64:amd64 (5.9.4+dfsg-1.1ubuntu3.1) ...
Setting up snmp (5.9.4+dfsg-1.1ubuntu3.1) ...
Processing triggers for libc-bin (2.39-0ubuntu8.5) ...
Processing triggers for man-db (2.12.0-4build2) ...
Scanning processes...
Scanning candidates...
Scanning linux images...
Pending kernel upgrade!
Running kernel version:
  6.11.0-1017-gcp
Diagnostics:
  The currently running kernel version is not the expected kernel version 6.14.0-1012-gcp.
Restarting the system to load the new kernel will not be handled automatically, so you should consider rebooting.
Restarting services...
Service restarts being deferred:
 /etc/needrestart/restart.d/dbus.service
 systemctl restart docker.service
 systemctl restart [email protected]
 systemctl restart networkd-dispatcher.service
 systemctl restart [email protected]
 systemctl restart unattended-upgrades.service
No containers need to be restarted.
No user sessions are running outdated binaries.
No VM guests are running outdated hypervisor (qemu) binaries on this host.
root@instance-webvm:~# ss -anu | grep 161
root@instance-webvm:~# sudo netstat -anu | grep 161
sudo: netstat: command not found
root@instance-webvm:~# systemctl status snmpd
Unit snmpd.service could not be found.
root@instance-webvm:~# snmpwalk
Created directory: /var/lib/snmp/cert_indexes
No hostname specified.
USAGE: snmpwalk [OPTIONS] AGENT [OID]
  Version:  5.9.4.pre2
  Web:      http://www.net-snmp.org/
  Email:    [email protected]
OPTIONS:
  -h, --help            display this help message
  -H                    display configuration file directives understood
  -v 1|2c|3             specifies SNMP version to use
  -V, --version         display package version number
SNMP Version 1 or 2c specific
  -c COMMUNITY          set the community string
SNMP Version 3 specific
  -a PROTOCOL           set authentication protocol (MD5|SHA|SHA-224|SHA-256|SHA-384|SHA-512)
  -A PASSPHRASE         set authentication protocol pass phrase
  -e ENGINE-ID          set security engine ID (e.g. 800000020109840301)
  -E ENGINE-ID          set context engine ID (e.g. 800000020109840301)
  -l LEVEL              set security level (noAuthNoPriv|authNoPriv|authPriv)
  -n CONTEXT            set context name (e.g. bridge1)
  -u USER-NAME          set security name (e.g. bert)
  -x PROTOCOL           set privacy protocol (DES|AES|AES-192|AES-256)
  -X PASSPHRASE         set privacy protocol pass phrase
  -Z BOOTS,TIME         set destination engine boots/time
General communication options
  -r RETRIES            set the number of retries
  -t TIMEOUT            set the request timeout (in seconds)
Debugging
  -d                    dump input/output packets in hexadecimal
  -D[TOKEN[,...]]       turn on debugging output for the specified TOKENs
                           (ALL gives extremely verbose debugging output)
General options
  -m MIB[:...]          load given list of MIBs (ALL loads everything)
  -M DIR[:...]          look in given list of directories for MIBs
    (default: /root/.snmp/mibs:/usr/share/snmp/mibs:/usr/share/snmp/mibs/iana:/usr/share/snmp/mibs/ietf)
  -P MIBOPTS            Toggle various defaults controlling MIB parsing:
                          u:  allow the use of underlines in MIB symbols
                          c:  disallow the use of "--" to terminate comments
                          d:  save the DESCRIPTIONs of the MIB objects
                          e:  disable errors when MIB symbols conflict
                          w:  enable warnings when MIB symbols conflict
                          W:  enable detailed warnings when MIB symbols conflict
                          R:  replace MIB symbols from latest module
  -O OUTOPTS            Toggle various defaults controlling output display:
                          0:  print leading 0 for single-digit hex characters
                          a:  print all strings in ascii format
                          b:  do not break OID indexes down
                          e:  print enums numerically
                          E:  escape quotes in string indices
                          f:  print full OIDs on output
                          n:  print OIDs numerically
                          p PRECISION:  display floating point values with specified PRECISION (printf format string)
                          q:  quick print for easier parsing
                          Q:  quick print with equal-signs
                          s:  print only last symbolic element of OID
                          S:  print MIB module-id plus last element
                          t:  print timeticks unparsed as numeric integers
                          T:  print human-readable text along with hex strings
                          u:  print OIDs using UCD-style prefix suppression
                          U:  don't print units
                          v:  print values only (not OID = value)
                          x:  print all strings in hex format
                          X:  extended index format
  -I INOPTS             Toggle various defaults controlling input parsing:
                          b:  do best/regex matching to find a MIB node
                          h:  don't apply DISPLAY-HINTs
                          r:  do not check values for range/type legality
                          R:  do random access to OID labels
                          u:  top-level OIDs must have '.' prefix (UCD-style)
                          s SUFFIX:  Append all textual OIDs with SUFFIX before parsing
                          S PREFIX:  Prepend all textual OIDs with PREFIX before parsing
  -L LOGOPTS            Toggle various defaults controlling logging:
                          e:           log to standard error
                          o:           log to standard output
                          n:           don't log at all
                          f file:      log to the specified file
                          s facility:  log to syslog (via the specified facility)
                          (variants)
                          [EON] pri:   log to standard error, output or /dev/null for level 'pri' and above
                          [EON] p1-p2: log to standard error, output or /dev/null for levels 'p1' to 'p2'
                          [FS] pri token:    log to file/syslog for level 'pri' and above
                          [FS] p1-p2 token:  log to file/syslog for levels 'p1' to 'p2'
  -C APPOPTS            Set various application specific behaviours:
                          p:  print the number of variables found
                          i:  include given OID in the search range
                          I:  don't include the given OID, even if no results are returned
                          c:  do not check returned OIDs are increasing
                          t:  Display wall-clock time to complete the walk
                          T:  Display wall-clock time to complete each request
                          E {OID}:  End the walk at the specified OID


Using snmpwalk

For Linux –

$ snmpwalk -v1 -c public 192.168.8.1
$ snmpwalk -v2c -c public 127.0.0.1

The first command uses SNMP v1 with the community string "public" and looks at the device with the IP address 192.168.8.1. The second makes the same query over SNMP v2c against the local host (127.0.0.1).

For Windows, that same query would be written as –

C:/Users/Laptop> snmpwalk -v:1 -r:192.168.8.1 -c:"public"

In that Windows version, you wouldn't need to put in the -v:1 or -c:"public" parameters because those are the default values. So, if you left them out, the command would use those values anyway.

Knowing that you are only going to get interesting information from a specific branch of the MIB tree, you can cut the scan short to skip directly to that part of the MIB.

On Linux, try:

$ snmpwalk -v1 -c public 192.168.8.1 .1.3.6.1.4.1.318

On Windows, you would type:

C:/Users/Laptop> snmpwalk -r:192.168.8.1 -os:.1.3.6.1.4.1.318

These two examples are for querying an APC device that has the IP address 192.168.8.1, so alter those numbers for your network.

Free SNMP Testing Tool

 

The Paessler Free SNMP Testing Tool is a good utility to use for checking on the community string on your network devices. This program runs on Windows and can be downloaded for free.
snmpwalk can also be run online through OnWorks, in a free Ubuntu, Fedora, Windows, or macOS online emulator:
https://www.onworks.net/programs/snmpwalk-online

Copyright notice:
Author: dingding
Link: https://www.techfm.club/p/228241.html
Source: TechFM
Copyright of this article belongs to the author; do not reproduce without permission.
