1.5.2 Unset 'private' for 'snmp-server community'

Information

An SNMP community string permits read-only access to all objects.

The default community string "private" is well known. Using easy to guess, well known community string poses a threat that an attacker can effortlessly gain unauthorized access to the device.

Solution

Disable the default SNMP community string private

hostname(config)#no snmp-server community {private}

Impact:

To reduce the risk of unauthorized access, Organizations should disable default, easy to guess, settings such as the 'private' setting for snmp-server community.

See Also

https://workbench.cisecurity.org/benchmarks/17130

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7b., CSCv7|9.2

Plugin: Cisco

Control ID: 9ce27b7c515c6e2e4a1be498bc9f53491470e3b7a38d7bfddaa7cebdef4904f1