US-CERT and others are warning enterprises about a critical vulnerability in the current version of SNMP that could allow an attacker to bypass the protocol’s authentication mechanism and pose as a legitimate user. The flaw would let the attacker take any action that the legitimate user could take on the affected system. The vulnerability is in SNMPv3 and potentially affects dozens of vendors’ implementations of the protocol, including 3Com, Cisco and others. US-CERT recommends that users contact their vendors to determine whether a particular product is vulnerable and whether a patch is available.
The flaw lies in the SNMPv3 authentication mechanism, which uses a keyed-Hash Message Authentication Code (HMAC). An attacker could exploit the weakness by sending a specially crafted packet to an affected machine and would then be able to view and change the configuration of the compromised device. The Net-SNMP project has released an updated package that addresses the vulnerability, and affected vendors will likely release patches in the coming days as well.