Vulners
Lucene search
#TRUSTED ad3f6c492cb9b50d4e824b8647d442fa06ea4cd0969d66eeba5a3e84f9233adf3ffda616589fbf69f54773232043bc8a8068ff9f5098b00e4c0124fe60bd2ede983cfeed43813350571d0bd17245e9c9b509ed81317f6636e5244e4fefd6535527aeecb3f7340d7efe6f983aa6a8cd3035e5f4bdd317ace4f0feaa776cc2b82dc76c2f96819f60e33b305793c0d6a394ab174a5d5e642699093abab888b863d24c64117d1f36316b3924239f38838b2f5c67d65f0a14dacf093b846e014a17ce7189b6a7bc8ad416ee0e061fd36a0d3ebcc79db949ca68ae37217dd7975f02f484c2d362e1b06f7a6375be2d2c46f98f218bb1d9c3c1ca543218e204ada005afcf2c469e5b0e4ae53eb87da915c276e08517715fdab3f24f9634c50510e4d7a42534226047a6ee390234c4472d382f30fba90b6fdfa8360c1ad7623f516c8be7da0d0c0af4f4705ced5d6f59acd204a74b5f9c1d9655291df0fc9d64750e8567d23091d0c11267425cf2131d4296461308272a7d721f52792ac78e8dea21ba7a4ccf02a6a93ec1ef4715bb91f0755999e202b18f2e5195c270d2e78ac90a9ca767de849e61007bb495e976bce13ad4662c3608ff8616c2cab8e3323d01aa027090700720b3ec675fb53b9b9708607dd0773ae5e03274b36cff69c95682ecae114b6ce05ea98f726e231103ff3b4b9e5a17b6d434b0870e150ca6f3cc511296da
#TRUST-RSA-SHA256 174a43c94614f33d513bb989a2fca664d73a079f6d6b48441773dff437bfb3f07a4081637195d7db3e35cd53605e3c24ffbc3b17e56ff3f415c4d3ee918a154d5eca9dd63871df42af55030e29df041ae15a2ddaa0d5e0cc647fd17bc5d5391a021c84c9b32a83695e15e067db53a595cc8f253e6f26e9e3f98e8ebae8e2dbaaf8a07f46eb998b7a0d81b2c9ec15609f8d325de11396a325140dff5feded50e9fda6948badca18765b2f77d7030aa34f36651ca61aebd0942ef147e8306c7a881cc30ab78d3715d7aac5f8b5b79367f9d41fff835822fe030980dbf7ce6777942869b6f29d36ef8a177a2be29ef14aa6ed80827e8b535b7efccdfe11da9ca39b3f6091268741dc9b214040becd5a46c8489ec90e1cd05a21fcbcffaac177d9b3634dbed6a0034d724ead9859f024aa992bc84c665d697fc8a9832a158d452c657dba461fc3a656377d60b2383cd193deb86bef677391101f9b1f7431801a2ee4336e39c9ba9dec7cbe8f4f18e156e17ac60c7dc797e130fceefaa027105a61fa7ebc25716c86ee1d111131440b80fa299a1c758896cfed288d724de9436ab0b46e84b5c97e8f3617c7d0be01141bc206f7dd09805709113fbc40fe56516802f343122b2f0aa7842af340cf6cfbcdf9759fccadfd260559f1ea1553ab901a21a2e6cf9ceeb0ced5a1bfe3d8d1ff220d5c3865e09ca5cf36aac11110a80d2cbe79
#
# (C) Tenable Network Security, Inc.
#
# @PREFERENCES@
MAX_ADDITIONAL_SNMP_COMMUNITIES = 3;
MAX_ADDITIONAL_SNMP_PORTS = 3;
include("compat.inc");
if (description)
{
script_id(19762);
script_version("1.40");
script_set_attribute(attribute:"plugin_modification_date", value:"2026/02/17");
script_name(english:"SNMP settings");
script_summary(english:"Sets SNMP settings.");
script_set_attribute(attribute:"synopsis", value:"Sets SNMP settings.");
script_set_attribute(attribute:"description", value:
"This script just sets global variables (SNMP community string and
SNMP port) and does not perform any security checks.");
script_set_attribute(attribute:"solution", value:"n/a");
script_set_attribute(attribute:"risk_factor", value:"None");
script_set_attribute(attribute:"plugin_publication_date", value:"2005/09/20");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_end_attributes();
script_copyright(english:"This script is Copyright (C) 2005-2026 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_category(ACT_GATHER_INFO);
script_family(english:"Settings");
script_add_preference(name:"Community name :", type:"entry", value:"public");
for ( var i = 1 ; i <= MAX_ADDITIONAL_SNMP_COMMUNITIES ; i ++ )
script_add_preference(name:"Community name (" + i + ") :", type:"entry", value:"");
script_add_preference(name:"UDP port :", type:"entry", value:"161");
for ( i = 1 ; i <= MAX_ADDITIONAL_SNMP_PORTS ; i ++ )
script_add_preference(name:"Additional UDP port (" + i + ") :", type:"entry", value:"");
script_add_preference(name:"SNMPv3 user name :", type:"entry", value:"");
script_add_preference(name:"SNMPv3 authentication password :", type:"password", value:"");
script_add_preference(name:"SNMPv3 authentication algorithm :", type:"radio", value:"MD5;SHA1;SHA-224;SHA-256;SHA-384;SHA-512");
script_add_preference(name:"SNMPv3 privacy password :", type:"password", value:"");
script_add_preference(name:"SNMPv3 privacy algorithm :", type:"radio", value:"AES;AES192;AES192C;AES256;AES256C;DES");
for ( i = 1 ; i <= 5 ; i ++ )
{
script_add_preference(name:"SNMPv3 user name (" + i + ") : ",
type:"entry",
value:"");
script_add_preference(name:"SNMPv3 authentication algorithm (" + i + ") : ",
type:"radio",
value:"MD5;SHA1;SHA-224;SHA-256;SHA-384;SHA-512");
script_add_preference(name:"SNMPv3 privacy algorithm (" + i + ") : ",
type:"radio",
value:"AES;AES192;AES192C;AES256;AES256C;DES");
}
exit(0);
}
include ("snmp_func.inc");
include ("debug.inc");
include ("pam_get_credentials.inc");
var snmp_port = 0;
var highest_snmp_version_so_far = NULL;
function skip_check()
{
var policy_name = get_preference('@internal@policy_name'); # =Host Discovery
var fast_discovery = get_preference('Ping the remote host[checkbox]:Fast network discovery'); # =no
var discovery_mode = get_preference('discovery_mode'); # =custom
var syn_scan_status = get_preference('plugin_selection.individual_plugin.11219'); # =disabled
var udp_scan_status = get_preference('plugin_selection.individual_plugin.34277'); # =disabled
var dont_scan_printers = get_preference('Do not scan fragile devices[checkbox]:Scan Network Printers'); # =no
var netstat_snmp = get_preference('local_portscan.snmp'); # =no
if(policy_name == 'Host Discovery' &&
discovery_mode == 'custom' &&
dont_scan_printers == 'no' &&
(isnull(netstat_snmp) || netstat_snmp == 'no') &&
fast_discovery == 'no' &&
syn_scan_status = 'disabled' &&
udp_scan_status = 'disabled')
return TRUE;
return FALSE;
}
function do_initial_snmp_get( community, ports )
{
local_var port, soc, index;
if (isnull(community) || strlen(community) == 0) return NULL;
foreach port (ports)
{
soc = open_sock_udp(port);
if (soc)
{
index = snmp_request_next(socket:soc, community:community, oid:"1.3.6.1.2.1.1.1.0", timeout:2);
close(soc);
if (
!isnull(index) &&
# Sun ...
index[1] != "/var/snmp/snmpdx.st" &&
index[1] != "/etc/snmp/conf" &&
# HP MSL 8048
index[0] != "1.3.6.1.2.1.11.6.0"
)
{
snmp_port = port;
return index;
}
}
}
return NULL;
}
if(skip_check())
exit(0, 'Plugin pulled in through dependencies, check is not necessary.');
index = community = NULL;
p = script_get_preference("UDP port :");
if (!p) p = 161;
ports = make_list(p);
for (i=1; i<=MAX_ADDITIONAL_SNMP_PORTS; i++)
{
p = script_get_preference("Additional UDP port (" + i + ") :");
if (!isnull(p))
{
p = int(p);
if (p >= 1 && p <= 65535) ports = make_list(ports, p);
}
}
ports = list_uniq(ports);
# SNMPv3
var snmpv3_prefix = "";
var snmpv3_postfix = " :";
var snmpv3_pam_creds;
var snmpv3priv_pam_creds;
var snmpv3_auth;
var snmpv3_priv;
var snmpv3_array_list = [];
var snmpv3_user = script_get_preference("SNMPv3 user name :");
var snmpv3_auth = script_get_preference("SNMPv3 authentication password :");
var snmpv3_aalg = script_get_preference("SNMPv3 authentication algorithm :");
var snmpv3_priv = script_get_preference("SNMPv3 privacy password :");
var snmpv3_palg = script_get_preference("SNMPv3 privacy algorithm :");
var snmpv3_port = script_get_preference("SNMPv3 port :");
var pam_username = script_get_preference("PAM User :");
# Check authenticaton method for SNMPv3
var auth_method = script_get_preference("SNMPv3 authentication method :");
#set auth_method to Password Entry if security center does not have support for PAM
if (empty_or_null(auth_method))
{
auth_method = "Password Entry";
}
# Check if using PAM for SNMPv3 Method
if ("Password" >< auth_method)
{
snmpv3_auth = script_get_preference("SNMPv3 authentication password :");
snmpv3_priv = script_get_preference("SNMPv3 privacy password :");
}
else if ("CyberArk" >< auth_method && "Secrets Manager" >< auth_method)
{
# CyberArk Secrets Manager (aka 'conjur')
snmpv3_pam_creds = pamcreds::get_creds_from_pam(username:pam_username, prefix:snmpv3_prefix, postfix:snmpv3_postfix, auth_method:auth_method);
snmpv3_auth = snmpv3_pam_creds.password;
snmpv3_priv = snmpv3_pam_creds.priv_password;
}
else if("CyberArk" >< auth_method)
{
snmpv3_pam_creds = pamcreds::get_creds_from_pam(username:pam_username, prefix:snmpv3_prefix, postfix:snmpv3_postfix, auth_method:auth_method, policy_id:"SNMPv3");
snmpv3_auth = snmpv3_pam_creds.password;
snmpv3priv_pam_creds = pamcreds::get_creds_from_pam(username:pam_username, prefix:snmpv3_prefix, postfix:snmpv3_postfix, auth_method:auth_method, policy_id:"SNMPv3PrivacyKey");
snmpv3_priv = snmpv3priv_pam_creds.password;
}
else if("Hashicorp" >< auth_method)
{
snmpv3_pam_creds = pamcreds::get_creds_from_pam(username:pam_username, prefix:snmpv3_prefix, postfix:snmpv3_postfix, auth_method:auth_method);
snmpv3_auth = snmpv3_pam_creds.auth_password;
snmpv3_priv = snmpv3_pam_creds.priv_password;
}
if (!empty_or_null(snmpv3_user))
{
# replace_kb_item this one later when we actually test the credentials
set_kb_item( name:"SNMP/v3/username", value:snmpv3_user );
append_element(var:snmpv3_array_list, value:{
"username": snmpv3_user,
"authpass": snmpv3_auth,
"authalg": snmpv3_aalg,
"privpass": snmpv3_priv,
"privalg": snmpv3_palg,
"port": snmpv3_port
});
# keys used by integration status
replace_kb_item(name:"SNMP/0/cred_type", value:auth_method);
if (snmpv3_auth)
replace_kb_item(name:"SNMP/0/auth_pass", value:"yes");
}
# Collects all Additional SNMPv3 Credentials from the UI
var CREDENTIAL_LIMIT = 100;
for (var i = 1; i <= CREDENTIAL_LIMIT; i++)
{
snmpv3_user = script_get_preference("SNMPv3 user name (" + i + ") :");
if (empty_or_null(snmpv3_user)) break;
snmpv3_aalg = script_get_preference("SNMPv3 authentication algorithm (" + i + ") :");
snmpv3_palg = script_get_preference("SNMPv3 privacy algorithm (" + i + ") :");
snmpv3_port = script_get_preference("SNMPv3 port (" + i + ") :");
var pam_username = script_get_preference("PAM User :");
# Check authenticaton method for SNMPv3
var auth_method = script_get_preference("SNMPv3 authentication method (" + i + ") :");
snmpv3_postfix = " (" + i + ") :";
#set auth_method to Password Entry if security center does not have support for PAM
if (empty_or_null(auth_method))
{
auth_method = "Password Entry";
}
# Check if using PAM for SNMPv3 Method
if ("Password" >< auth_method)
{
snmpv3_auth = script_get_preference("SNMPv3 authentication password (" + i + ") :");
snmpv3_priv = script_get_preference("SNMPv3 privacy password (" + i + ") :");
}
else if ("CyberArk" >< auth_method && "Secrets Manager" >< auth_method)
{
# CyberArk Secrets Manager (aka 'conjur')
snmpv3_pam_creds = pamcreds::get_creds_from_pam(username:pam_username, prefix:snmpv3_prefix, postfix:snmpv3_postfix, auth_method:auth_method);
snmpv3_auth = snmpv3_pam_creds.password;
snmpv3_priv = snmpv3_pam_creds.priv_password;
}
else if("CyberArk" >< auth_method)
{
snmpv3_pam_creds = pamcreds::get_creds_from_pam(username:pam_username, prefix:snmpv3_prefix, postfix:snmpv3_postfix, auth_method:auth_method, policy_id:"SNMPv3");
snmpv3_auth = snmpv3_pam_creds.password;
snmpv3priv_pam_creds = pamcreds::get_creds_from_pam(username:pam_username, prefix:snmpv3_prefix, postfix:snmpv3_postfix, auth_method:auth_method, policy_id:"SNMPv3PrivacyKey");
snmpv3_priv = snmpv3priv_pam_creds.password;
}
else if("Hashicorp" >< auth_method)
{
snmpv3_pam_creds = pamcreds::get_creds_from_pam(username:pam_username, prefix:snmpv3_prefix, postfix:snmpv3_postfix, auth_method:auth_method);
snmpv3_auth = snmpv3_pam_creds.auth_password;
snmpv3_priv = snmpv3_pam_creds.priv_password;
}
if (!empty_or_null(snmpv3_user))
{
append_element(var:snmpv3_array_list, value:{
"username": snmpv3_user,
"authpass": snmpv3_auth,
"authalg": snmpv3_aalg,
"privpass": snmpv3_priv,
"privalg": snmpv3_palg,
"port": snmpv3_port
});
# keys used by integration_status
replace_kb_item(name:"SNMP/" + i + "/cred_type", value:auth_method);
if (snmpv3_auth)
replace_kb_item(name:"SNMP/" + i + "/auth_pass", value:"yes");
}
}
foreach var snmpv3_creds (snmpv3_array_list)
{
# Zero out internal snmpv3 values so we aren't operating against old data
creds = make_list( '', '', '', '', '', '' );
rm_kb_item(name:'Secret/SNMP/v3/LocalizedAuthKey');
rm_kb_item(name:'Secret/SNMP/v3/LocalizedPrivKey');
snmpv3_user = snmpv3_creds["username"];
snmpv3_auth = snmpv3_creds["authpass"];
snmpv3_aalg = snmpv3_creds["authalg"];
snmpv3_priv = snmpv3_creds["privpass"];
snmpv3_palg = snmpv3_creds["privalg"];
snmpv3_port = snmpv3_creds["port"];
# set defaults for Nessus < 6.x and SC < 5.x
# Nessus will send the default value as the entire list (e.g. "MD5;SHA1;SHA-224;SHA-256;SHA-384;SHA-512")
# SC will send the default as the empty string
if ('MD5' >< snmpv3_aalg || snmpv3_aalg == '')
snmpv3_aalg = 'MD5';
if ('AES;' >< snmpv3_palg || snmpv3_palg == '')
snmpv3_palg = 'AES';
# Determine what level of SNMPv3 authentication has been requested.
if ( snmpv3_user && snmpv3_auth && snmpv3_aalg && snmpv3_priv && snmpv3_palg )
snmpv3_security_level = USM_LEVEL_AUTH_PRIV; # authPriv
else if ( snmpv3_user && snmpv3_auth && snmpv3_aalg )
snmpv3_security_level = USM_LEVEL_AUTH_NO_PRIV; # authNoPriv
else
snmpv3_security_level = USM_LEVEL_NO_AUTH_NO_PRIV; # noAuthNoPriv
auth_blob = base64( str:snmpv3_user + ';x;'+
snmpv3_aalg + ';x;'+
snmpv3_palg + ';'+
snmpv3_security_level );
community = ';' + auth_blob;
SNMP_VERSION = 3; # SNMPv3
replace_kb_item(name:'Secret/SNMP/v3/auth_password', value:snmpv3_auth);
replace_kb_item(name:'Secret/SNMP/v3/priv_password', value:snmpv3_priv);
snmpv3_ports = ports;
if (snmpv3_port)
snmpv3_ports = [snmpv3_port];
index = do_initial_snmp_get(community:community, ports:snmpv3_ports);
if (!isnull(index))
{
# Successful SNMPv3 connection
replace_kb_item(name:"SNMP/v3/username", value:snmpv3_user );
highest_snmp_version_so_far = 3; # v3
break;
}
}
community_names = make_list();
community_v1_v2c = script_get_preference( 'Community name :' );
if (empty_or_null(community_v1_v2c))
{
community_v1_v2c = "public";
set_kb_item(name:"SNMP/public/default", value:TRUE);
}
else
{
set_kb_item(name:'SNMP/community_name/0', value:community_v1_v2c);
community_names = make_list(community_names, community_v1_v2c);
community_name = '';
for (i = 1; i <= MAX_ADDITIONAL_SNMP_COMMUNITIES; i++)
{
community_name = '';
community_name = script_get_preference( 'Community name (' + i + ') :' );
if (!empty_or_null(community_name))
{
community_names = make_list(community_names, community_name);
set_kb_item(name:'SNMP/community_name/'+i, value:community_name);
}
}
}
if (isnull(index))
{
set_kb_item(name:"SNMP/v3/FAILED", value:TRUE);
SNMP_VERSION = 1; # SNMPv2c
index = do_initial_snmp_get(community:community_v1_v2c, ports:ports);
if ( index )
{
community = community_v1_v2c;
snmpv3_user = community;
highest_snmp_version_so_far = 1; # v2c
}
}
if (isnull(index))
{
SNMP_VERSION = 0; # SNMPv1
index = do_initial_snmp_get(community:community_v1_v2c, ports:ports);
if ( index )
{
community = community_v1_v2c;
snmpv3_user = community;
highest_snmp_version_so_far = 0; # v1
}
}
if ( isnull(index) )
{
for ( i = 1 ; i <= MAX_ADDITIONAL_SNMP_COMMUNITIES || strlen(community_v1_v2c) > 0 ; i ++ )
{
community_v1_v2c = script_get_preference( 'Community name (' + i + ') :' );
if ( strlen(community_v1_v2c) == 0 ) continue;
SNMP_VERSION = 1; # SNMPv2c
index = do_initial_snmp_get(community:community_v1_v2c, ports:ports);
if ( index )
{
community = community_v1_v2c;
snmpv3_user = community;
break;
highest_snmp_version_so_far = 1; # v2c
}
SNMP_VERSION = 0; # SNMPv1
index = do_initial_snmp_get(community:community_v1_v2c, ports:ports);
if ( index )
{
community = community_v1_v2c;
snmpv3_user = community;
highest_snmp_version_so_far = 0; # v1
break;
}
}
}
# snmp_port is 0 if index is null
if (isnull(index))
{
err = '';
# v3
if (!empty_or_null(snmpv3_ports))
{
foreach var port (snmpv3_ports)
{
if (!get_port_state(port)) continue;
err = 'Failed to authenticate using the supplied credentials.';
snmp_set_kb_auth_failure(port:port, login:snmpv3_user, error:err, snmp_ver:3);
}
}
# snmp < v3
# if (!empty_or_null(ports))
# {
# foreach port (ports)
# {
# if (!get_port_state(port)) continue;
# err = 'Failed to authenticate using the supplied community string.';
# foreach name (community_names)
# {
# snmp_set_kb_auth_failure(port:port, login:name, error:err, snmp_ver:2);
# }
# }
# }
set_kb_item(name:'SNMP/auth_failed', value:TRUE);
exit(0, "Not able to authenticate via SNMP.");
}
if (!snmp_port) exit (1, "Failed to identify the SNMP port.");
# Mark the port as open; we're clearly connected to it by now
replace_kb_item(name:'Ports/udp/' + snmp_port, value:1);
set_kb_item( name:"SNMP/community", value:community );
set_kb_item( name:"SNMP/community_v1_v2c", value:community_v1_v2c );
set_kb_item( name:"SNMP/port", value:snmp_port );
set_kb_item( name:"SNMP/version", value:highest_snmp_version_so_far );
dbg::detailed_log(lvl:1, src:SCRIPT_NAME, msg:
'Successful SNMP connection with SNMP version:' + SNMP_VERSION);
if (!empty_or_null(snmpv3_ports))
snmp_set_kb_auth_success(port:snmp_port, login:snmpv3_user, snmp_ver:3);
if(SNMP_VERSION < 3)
{
report = 'The remote SNMP server accepts cleartext community strings.';
set_kb_item(name:"PCI/ClearTextCreds/" + snmp_port, value:report);
}
if ( SNMP_VERSION == 0 ) set_kb_item( name:"SNMP/version_v1", value:TRUE);
register_service(port:snmp_port, proto:"snmp", ipproto:"udp");
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
17 Feb 2026 00:00Current
5.4Medium risk
Vulners AI Score5.4