Cisco IOS SNMP Community string write privileges.

2018-04-18T00:00:00
ID CISCO_SNMP_WRITE.NASL
Type nessus
Reporter This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
Modified 2018-04-18T00:00:00

Description

According to its configuration, the Cisco IOS on the remote device has a SNMP community string with write access. This could allow remote configuration of the device, including copying and overwriting the running-config.

                                        
                                            #TRUSTED 8bff5a7b665a58290a4d6027981db7fd2d4e5fac446e4cef2964f366c1fd81316799de6b84b6bdd46fb82875c3becdc81db228f5d991f2fd3ac447d66af6826dc1b5a00902e5c1d0de2366554f4fbeaa9d7b295fe1ff077ee536cd8666a72656580536ceaa8a696b5cec407704035b307e1ae75a362241f6c8017693fdebdfc00c7252fa0ec3ccad93b58077154a3d593b8a1e78cab90268e4c0f053a79d73e13575fcdcb84d9c845c5183c03aebb928f30d6b4f48056c921d95765a5d37e3de3237590e5c59b553fcdf2f5156fb4b171479fdf483ae7cdd972556975165871e9d98e8617df4a4380f4027de36375112efda0e024e2e2d6858ef379e51a861e3699e1a9ac612bcc03fc5ede0b989e394b28dd2e3e9590dedbae89424f47cfe9220afa030007484889f89f1d0888a57190be7581fb80696590a5f081491e2855a6bf4411acabf1988200529a95e6dca2de8e204e5edae7e89bcb00324fa57b84de006039b7f51b234ec8aaf53cfef05d3f01f013baefe8641beb6dc41cdbd6cba7e3d76d9248e911ad37ea210b2d12c54d8e30f42faa290aeafb02d10396ac67c64d510d7bf1b31be3cbd789b3cbf043f05d16ed397be4c035a87d0bf03c515d866283a907ac5a31a1cc27d0790ee704e3745cb74a1a18d23fabe50c9337a51b73aa143fc773e9dacc426acf8cd3a21ab6c7eb52beb2145a20de6b440165e8299
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(109118);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2018/04/18");

  script_name(english:"Cisco IOS SNMP Community string write privileges.");
  script_summary(english:"Checks the IOS configuration.");

  script_set_attribute(attribute:"synopsis", value:
"The remote device is has a SNMP community string with write privileges.");
  script_set_attribute(attribute:"description", value:
"According to its configuration, the Cisco IOS on the remote device
has a SNMP community string with write access. This could allow remote
configuration of the device, including copying and overwriting the
running-config.");
  script_set_attribute(attribute:"solution", value:
"Ensure this acocunt is supposed to have write access and that only
the expected MIBs are enabled on the SNMP server.");
  script_set_attribute(attribute:"risk_factor", value:"Low");

  script_set_attribute(attribute:"plugin_publication_date", value:"2018/04/18");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ios");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CISCO");

  script_copyright(english:"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("cisco_ios_version.nasl");
  script_require_keys("Host/Cisco/IOS/Version");

  exit(0);
}

include("audit.inc");
include("cisco_func.inc");
include("cisco_kb_cmd_func.inc");

get_kb_item_or_exit("Host/Cisco/IOS/Version");

communities = NULL;

if (get_kb_item("Host/local_checks_enabled"))
{
  buf = cisco_command_kb_item("Host/Cisco/Config/show_running-config_snmp", "show running-config | include snmp");
  if (check_cisco_result(buf))
  {
    lines = split(buf, sep:'\n');
    foreach line (lines)
    {
       match = pregmatch(multiline:TRUE, pattern:"snmp-server community ([A-z]+) RW", string:line);
       if (!isnull(match))
       {
         communities += '    - ' + san_str(str:match[1]) + '\n';
       }
    }
  }
  else if (cisco_needs_enable(buf)) exit(0, "Enable credentials were not provided.");
}

if (communities)
{
  report = '\n  The following communities have write access:\n' + communities;
  security_report_v4(
    port     : 0,
    severity : SECURITY_NOTE,
    extra    : report
  );
}
else audit(AUDIT_HOST_NOT, "affected");