[c-nsp] Blocking SNMPv3 engine-id discovery [was: Re: How to disable ILMI/SNMP CSCvs33325]

Nathan Lannine nathan.lannine at gmail.com
Thu Mar 2 11:24:07 EST 2023


On Wed, Sep 21, 2022 at 6:52 AM Simon Leinen via cisco-nsp <
cisco-nsp at puck.nether.net> wrote:

> Gert Doering writes:
> > On Wed, Sep 21, 2022 at 08:14:30AM +0300, Hank Nussbacher wrote:
> >> Indeed the SNMP leaks appear to be exactly CSCtw74132 which we did
> >> not know about nor did Cisco TAC :-(
>

Just wanted to say thanks to you all for this thread.  Gave me a starting
point for mitigating this following a recent vuln scan result.  My biggest
challenge though was figuring out how to validate a fix, which, turns out,
can be ascertained by a packet capture while running "snmpget -v3 <host>"
or by running nmap against it with the nmap snmp-info script.

Regards!

_N


More information about the cisco-nsp mailing list