News

Cisco Warns of SNMP Vulnerability

Researchers have found a pair of vulnerabilities in version 3 of the Simple Network Management Protocol (SNMPv3) that could allow attackers to gather system data or even change network equipment configurations, according to an advisory issued by Cisco Systems earlier this week.

SNMP is a standardized protocol used for remotely monitoring and managing network devices. This security can be exploited by sending malformed SNMPv3 messages. Machines running SNMPv3 will accept incomplete authentication packets, allowing a malicious user with a valid username for that machine to guess at authentication code.

Multiple Cisco products are vulnerable to this exploitation, though SNMP is disabled by default in Cisco gear. Equipment running the Cisco IOS, CatOS and the IOS-XR operating systems may be vulnerable. Administrations should log in to such equipment to find out which version of SNMP the equipment runs. Only version 3 of SNMP is affected.

Cisco's advisory offers links to patches and describes how administrators can change their equipment's setting to guard against exploitation.

In addition to certain Cisco products, network equipment by other vendors using SNMPv3 may also affected, including gear sold by 3Com, Apple Computer, Avaya, CA, EMC, Hewlett-Packard, Juniper Networks, McAfee, Network Appliance, Red Hat, Sun Microsystems and others, according to the United States Computer Emergency Response Team (US-CERT).

This vulnerability has been assigned Vulnerability Note VU#878044 by US-CERT and identifier CVE-2008-0960 in the Common Vulnerabilities and Exposures (CVE) database.

About the Author

Joab Jackson is the chief technology editor of Government Computing News (GCN.com).

Featured

  • Microsoft Offers Support Extensions for Exchange 2016 and 2019

    Microsoft has introduced a paid Extended Security Update (ESU) program for on-premises Exchange Server 2016 and 2019, offering a crucial safety cushion as both versions near their Oct. 14, 2025 end-of-support date.

  • An image of planes flying around a globe

    2025 Microsoft Conference Calendar: For Partners, IT Pros and Developers

    Here's your guide to all the IT training sessions, partner meet-ups and annual Microsoft conferences you won't want to miss.

  • Notebook

    Microsoft Centers AI, Security and Partner Dogfooding at MCAPS

    Microsoft's second annual MCAPS for Partners event took place Tuesday, delivering a volley of updates and directives for its partners for fiscal 2026.

  • Microsoft Layoffs: AI Is the Obvious Elephant in the Room

    As Microsoft doubles down on an $80 billion bet on AI this fiscal year, its workforce reductions are drawing scrutiny over whether AI's ascent is quietly reshaping its human capital strategy, even as official messaging avoids drawing a direct line.