
How to remediate – SNMP Supported Protocols Detection

1. Introduction

The SNMP Supported Protocols Detection finding reports every protocol version that could be successfully negotiated with a remote Simple Network Management Protocol agent. It points to potentially weak security, because older, less secure versions may be enabled alongside more modern ones. Any system running an SNMP agent can be affected, including network devices such as routers and switches as well as servers. A successful attack could allow an attacker to gather sensitive information about the network or to modify device configurations, impacting confidentiality, integrity, and availability.

2. Technical Explanation

The vulnerability occurs when multiple SNMP protocol versions are enabled on a system. Attackers can attempt to negotiate connections using the older, less secure SNMPv1 or SNMPv2c if either is still supported. These versions transmit data, including the community string, in clear text and rely on that community string as their only authentication. The precondition for exploitation is network connectivity to the target SNMP agent and knowledge of the community string (for v1/v2c).

  • Root cause: Multiple SNMP versions being enabled, allowing negotiation with less secure options.
  • Exploit mechanism: An attacker uses tools like snmpwalk or similar utilities to attempt connection using different protocol versions until a successful negotiation occurs. For example, an attacker could use `snmpwalk -v1 -c public ` to attempt SNMPv1 access with the default community string.
  • Scope: Network devices running SNMP including routers, switches, servers, and printers. Affected platforms are varied depending on the device vendor and software version.

3. Detection and Assessment

  • Quick checks: Use the `snmpwalk` command to attempt connections with different versions and observe successful negotiations.
  • Scanning: Nessus plugin ID 10423 (SNMP Supported Protocols) can identify supported protocols. This is an example only; other scanners provide similar checks.
  • Logs and evidence: Check system logs for SNMP activity related to multiple protocol versions. Specific log files vary by platform but often include syslog or device-specific audit logs.

4. Solution / Remediation Steps

Fixing the issue requires disabling unnecessary SNMP protocol versions and configuring secure options where possible. These steps should be small, testable, and safe to roll back.

4.1 Preparation

  • Dependencies: Ensure you have access credentials for the SNMP agent.
  • Rollback plan: Restore the backed-up configuration file.
  • Change window needs: A standard change window may be needed depending on network impact. Approval from a senior network engineer is recommended.

4.2 Implementation

  1. Step 1: Disable SNMPv1 and SNMPv2c if they are not required. This can usually be done through the device’s web interface or command-line configuration.
  2. Step 2: Configure SNMPv3 with strong authentication and encryption (if supported).
  3. Step 3: Restrict access to the SNMP agent using Access Control Lists (ACLs) to limit which IP addresses can connect.

4.3 Config or Code Example

Before

# Cisco IOS configuration example - SNMP community string access
snmp-server community public RW
snmp-server community private RO

After

# Cisco IOS configuration example - Removing community strings and enabling SNMPv3
no snmp-server community public RW
no snmp-server community private RO
snmp-server user   v3 auth md5  priv aes 128 
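As an added illustration (not code from the original article), the following Python audit applies this section's configuration review to an IOS running-config: it flags the v1/v2c community strings of the Before example and confirms that the After state carries only an SNMPv3 user with priv. The MON-USER/MON-GROUP names and passphrases are placeholders, and the md5-versus-sha warning is an extra check beyond the page's own example.

```python
import re

# Constructed sample configs mirroring the page's Before/After snippets.
# User, group and passphrases are placeholders, not real credentials.
BEFORE_CONFIG = """\
hostname edge-router
snmp-server community public RW
snmp-server community private RO
"""
AFTER_CONFIG = """\
hostname edge-router
snmp-server user MON-USER MON-GROUP v3 auth sha AUTHPASS-PLACEHOLDER priv aes 128 PRIVPASS-PLACEHOLDER
"""

# 'snmp-server community <string> [view <v>] [RO|RW] [acl]' enables v1/v2c.
COMMUNITY_RE = re.compile(r"^snmp-server community (\S+)(.*)$", re.M)
# 'snmp-server user <u> <g> v3 [encrypted] auth {md5|sha} <pw> [priv ...]'
V3_USER_RE = re.compile(
    r"^snmp-server user (\S+) (\S+) v3 (?:encrypted )?auth (md5|sha) \S+"
    r"(?P<priv> priv \S+)?.*$", re.M)


def audit_snmp_config(config: str) -> list[tuple[str, str]]:
    """Return (severity, message) findings for SNMP lines in an IOS config."""
    findings = []
    for name, rest in COMMUNITY_RE.findall(config):
        mode = "read-write" if "RW" in rest.split() else "read-only"
        findings.append(("high", f"community '{name}' ({mode}) keeps SNMPv1/v2c "
                                 "reachable with a cleartext community string"))
    users = list(V3_USER_RE.finditer(config))
    if not users:
        findings.append(("medium", "no SNMPv3 user configured; no secure "
                                   "replacement for v1/v2c monitoring"))
    for m in users:
        user, auth = m.group(1), m.group(3)
        if not m.group("priv"):
            findings.append(("medium", f"SNMPv3 user '{user}' has no priv: "
                                       "authenticated but unencrypted"))
        if auth == "md5":
            findings.append(("low", f"SNMPv3 user '{user}' uses md5 auth; "
                                    "sha is the stronger choice"))
    return findings


def snmp_v3_only(config: str) -> bool:
    """True when no community strings remain and at least one v3 user exists."""
    has_high = any(sev == "high" for sev, _ in audit_snmp_config(config))
    return not has_high and V3_USER_RE.search(config) is not None


if __name__ == "__main__":
    for label, cfg in (("before", BEFORE_CONFIG), ("after", AFTER_CONFIG)):
        print(label, audit_snmp_config(cfg) or "clean")
```

Feed it the output of `show running-config` from each device during the review cycle; any "high" finding means the scanner will still report v1/v2c as supported.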

4.4 Security Practices Relevant to This Vulnerability


  • Practice 1: Least privilege – restrict SNMP access to only authorized users and devices.
  • Practice 2: Secure Defaults – disable unnecessary services like SNMPv1 and v2c by default.

4.5 Automation (Optional)

# Example Ansible playbook snippet to disable SNMPv1/v2c on Cisco IOS devices (example only)
---
- hosts: cisco_devices
  gather_facts: no
  tasks:
    - name: Remove SNMPv1/v2c community strings
      ios_config:
        lines:
          - no snmp-server community public RW
          - no snmp-server community private RO
        backup: yes   # module option: saves the running-config before the change for roll back

5. Verification / Validation

Confirming the fix involves verifying that unnecessary protocols are disabled and secure options are enabled: a negative test against the old versions, a re-scan, and a simple service smoke test.

  • Post-fix check: Run `snmpwalk -v1 ` and confirm it fails with a timeout or authentication error.
  • Re-test: Re-run the scanning process (e.g., Nessus plugin 10423) to verify that SNMPv1 and SNMPv2c are no longer reported as supported.
  • Smoke test: Verify that legitimate network monitoring tools using SNMPv3 can still access device information.
  • Monitoring: Monitor system logs for failed SNMP attempts from unauthorized sources. Example log query: search for “snmp” with a filter for authentication failures.

6. Preventive Measures and Monitoring


  • Baselines: Update a security baseline or policy to require disabling SNMPv1/v2c and enabling SNMPv3 with strong authentication.
  • Asset and patch process: Implement a regular review cycle for network device configurations to ensure compliance with security policies.

7. Risks, Side Effects, and Roll Back

  • Roll back: Restore the backed-up device configuration file. Re-enable SNMPv1/v2c if necessary.

8. References and Resources

  • Vendor advisory or bulletin: Consult your device vendor’s security documentation for specific guidance on SNMP configuration.
  • NVD or CVE entry: CVE-2019-6357 (example, check for relevant entries).

Updated on December 27, 2025