Many systems that are used for network management are vulnerable to remote exploits via the Simple Network Management Protocol (SNMP).
SNMP Attacks Can Be Used to Exploit Network Management Systems
The security company Rapid7 has reported that a lot of network management devices are vulnerable to SNMP attacks. Experts have disclosed a total of 13 issues in products from nine vendors that allow malicious users to conduct cross-site scripting attacks using the SNMP protocol. The nine product manufacturers are Spiceworks, Ipswitch, Castle Rock, ManageEngine, CloudView, Paessler, Opmantek, Opsview, and Netikus.
Most contemporary systems are managed via graphical user interfaces accessed through a web interface. SNMP is used by default to manage and track systems on the connected networks, and the systems can be configured to automatically receive SNMP information from other hosts.
Such products are an ideal target because they constantly maintain information about network status and services in real time. These devices can provide attackers with ideal conditions for carrying out intrusions, as harvested intelligence data can reveal the network topology and connected devices.
The discovered security issue stems from the fact that these products trust all incoming data received from a newly connected device and do not validate it properly before processing. Attackers can exploit this by implanting a rogue device on the target network and delivering a persistent cross-site scripting payload. Because the update frequency of most systems is quite high, the code will be executed almost instantly, and thus the security measures can be compromised. The researchers note that small and stealthy devices such as the Raspberry Pi or the BeagleBone can be used by criminals. Placing such “malicious drops” in a crowded place like an airport or a conference room, where target systems can be used, makes this a very real threat to security.
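The flaw described above, shown from the defender's side as an added example that is not taken from the Rapid7 report or from any of the affected products. It assumes a console that lists the standard SNMP system-group strings (sysName, sysDescr, sysLocation) of discovered devices in an HTML table; the device records and function names are constructed for illustration.

```python
import html
import re

# Constructed sample: values a console might store after polling discovered
# devices. Which fields a given product displays is an assumption.
DEVICES = [
    {"ip": "192.0.2.10", "sysName": "core-sw-01",
     "sysDescr": "Switch OS 12.4", "sysLocation": "Rack 4 <row B>"},
    {"ip": "192.0.2.66", "sysName": "<script>alert(1)</script>",
     "sysDescr": "Linux 4.9", "sysLocation": "lobby"},
]
FIELDS = ("sysName", "sysDescr", "sysLocation")

# Markup characters are unusual in inventory strings; use them as an alert signal.
SUSPICIOUS = re.compile(r"[<>\"'`]|javascript:", re.IGNORECASE)


def render_row_unsafe(dev):
    """The flaw: device-supplied strings are concatenated into HTML as-is."""
    cells = "".join(f"<td>{dev[f]}</td>" for f in FIELDS)
    return f"<tr><td>{dev['ip']}</td>{cells}</tr>"


def render_row_safe(dev):
    """The fix: HTML-encode every device-supplied value at output time."""
    cells = "".join(
        f"<td>{html.escape(str(dev[f]), quote=True)}</td>" for f in FIELDS
    )
    return f"<tr><td>{html.escape(dev['ip'])}</td>{cells}</tr>"


def flag_suspicious(devices):
    """Return (ip, field) pairs whose SNMP values contain markup characters."""
    return [
        (d["ip"], f)
        for d in devices
        for f in FIELDS
        if SUSPICIOUS.search(str(d[f]))
    ]


if __name__ == "__main__":
    for dev in DEVICES:
        print(render_row_safe(dev))
    print("review:", flag_suspicious(DEVICES))
```

The harmless "Rack 4 <row B>" location is flagged alongside the script tag, which is why pattern matching serves only as a detection signal here while output encoding is what keeps the page safe.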
All of the product vendors have been notified of the security issues, and all known vulnerabilities have now been patched.