SNMPv3 Authentication Bypass Vulnerability

US-CERT is aware of a vulnerability in implementations of SNMPv3. This vulnerability is due to an error in the way the authenticator field handles shortened hash message authentication code (HMAC). Exploitation of this vulnerability may allow an attacker to read and modify any SNMP object or the configuration of the affected device using the credentials that got them onto the system.

US-CERT encourages users to review Vulnerability Notes VU#878044 and apply the solutions or workarounds listed in the document to help mitigate the risks.

US-CERT will provide additional information as it becomes available.

Read more: US-CERT Current Activity