Central Device Management: Resolving SNMPv2 Denial of Service Vulnerability

Disable SNMPv2 GET Requests for ciscoFlashMIB OID

Question

A customer is using a central device to manage network devices over SNMPv2.

A remote attacker caused a denial of service condition. The vulnerability can be triggered by issuing a GET request for the ciscoFlashMIB OID on an affected device.

Which should be disabled to resolve the issue?

Answers

Explanations


A. B. C. D.

A.

https://nvd.nist.gov/vuln/detail/CVE-2018-0161

The correct answer to this question is option A, which is to disable SNMPv2.

SNMP (Simple Network Management Protocol) is a protocol used to manage network devices remotely. SNMPv2 is an older version of SNMP that has been replaced by SNMPv3, which provides better security features. One of the vulnerabilities of SNMPv2 is that it uses a community string for authentication, which is sent in clear text, making it easy for attackers to intercept and use to gain access to network devices.

The vulnerability in this scenario is that an attacker can cause a denial of service (DoS) by issuing a GET request for the ciscoFlashMIB (Management Information Base) OID (Object Identifier) on an affected device. This OID is used to manage the flash memory on Cisco devices. By continuously sending GET requests for this OID, an attacker can overload the device and cause it to become unresponsive.

Disabling SNMPv2 would be an effective way to resolve this issue. This can be done by either disabling SNMPv2 on the affected device or by configuring SNMPv3, which provides better security features such as authentication and encryption.

Option B, TCP small services, is not related to the vulnerability described in the scenario. TCP (Transmission Control Protocol) is a protocol used for reliable data transfer between devices, and small services typically refer to applications or services that use TCP ports with lower numbers. Disabling TCP small services would not address the SNMPv2 vulnerability.

Option C, UDP ports 161 and 162, names the default ports used by SNMP for communication, and disabling these ports would effectively disable SNMP. However, it is more precise to disable SNMPv2 than to disable the ports it uses.

Option D, UDP small services, is not related to the vulnerability described in the scenario. UDP (User Datagram Protocol) is a protocol used for fast, unreliable data transfer between devices, and small services typically refer to applications or services that use UDP ports with lower numbers. Disabling UDP small services would not address the SNMPv2 vulnerability.
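To confirm that a device no longer accepts community-based SNMP (v1/v2c) after the change described for option A, the following added example audits a saved Cisco IOS running-config; it is not part of the original page or any Cisco tooling. The sample configurations, host name, community names, group name and the `audit_snmp` function are constructed for illustration.

```python
import re

# Constructed sample Cisco IOS running-config fragments (not from a real device).
BEFORE = """\
hostname edge-rtr-01
snmp-server community ExampleRO RO 10
snmp-server community ExampleRW RW
snmp-server host 192.0.2.10 version 2c ExampleRO
"""
AFTER = """\
hostname edge-rtr-01
snmp-server group NMS-GROUP v3 priv
snmp-server host 192.0.2.10 version 3 priv nms-user
"""

HOST_V1_V2C = re.compile(r"\bversion\s+(1|2c)\b")


def audit_snmp(config: str) -> dict:
    """Flag community-based SNMP (v1/v2c) and report whether a v3 priv group exists."""
    findings, v3_priv = [], False
    for lineno, raw in enumerate(config.splitlines(), 1):
        tok = raw.split()
        if tok[:1] != ["snmp-server"] or len(tok) < 3:
            continue
        if tok[1] == "community":
            rest = [t.upper() for t in tok[3:]]
            # Assumption: an ACL, if present, follows the RO/RW keyword.
            kw = next((i for i, t in enumerate(rest) if t in ("RO", "RW")), None)
            access = rest[kw] if kw is not None else "RO"  # IOS default is read-only
            acl = "ACL" if kw is not None and kw + 1 < len(rest) else "no ACL"
            # The community string itself is deliberately left out of the report.
            findings.append((lineno, f"community enables SNMPv1/v2c ({access}, {acl})"))
        elif tok[1] == "host" and HOST_V1_V2C.search(raw):
            findings.append((lineno, "notification host still uses SNMPv1/v2c"))
        elif tok[1] == "group" and tok[3:5] == ["v3", "priv"]:
            v3_priv = True  # SNMPv3 with authentication and encryption
    return {"findings": findings, "v3_priv": v3_priv}


if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER)):
        result = audit_snmp(cfg)
        print(name, "v3 priv group:", result["v3_priv"])
        for lineno, msg in result["findings"]:
            print(f"  line {lineno}: {msg}")
```

A configuration passes only when `findings` is empty and `v3_priv` is true; any remaining `snmp-server community` line means the device still answers SNMPv1/v2c requests.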