COMMAND

	Cisco SNMP unlimitted access

SYSTEMS AFFECTED

	Cisco ubr900 series routers

PROBLEM

	Scott of Security Secrets revealed :
	

	Using any combination of the  following  SNMP  commands  and  community,
	access to the config was granted (I.e  :  any  community  name  provided
	will work) :
	

	

	/ Snmp Commands /

	snmp-server engineID local 0000000...(the rest)

	snmp-server community hardtoguess RO

	no snmp-server ifindex persist

	snmp-server manager

	

	/ Community /

	xyzzy

	agent_steal

	freekevin

	fubar

	

	

	Notice, that not once, was the  RO  community  name  of  \'hardtoguess\'
	used, and there was no mention in the config of any RW  string.  A  \'sh
	snmp comm\'  turned  up  only  the  RO  name,  as  well  as  the  widely
	documented \'cable-docsis\' problem.
	

	This was  tested  with  Solarwinds  Network  Browser,  as  well  as  the
	snmpset/snmpget/snmpwalk tools available in Linux.

SOLUTION

	None yet.