What credentials are used for a vulnerability scan using SNMP authentication on Cisco devices?

Document created by eschamp on Nov 30, 2010Last modified by eschamp on Jan 3, 2012
Version 4Show Document
  • View in full screen mode


What  credentials are used on the SNMP vulnerability scan on Cisco devices?



For a vulnerability scan, the  authentication on SNMP is based on a password called a "community  string". Each "community string" may be configured inside the SNMP  daemon that runs on the device to have  access to different "Views" of  the information available on the MIB.


The user provides the community  strings for the authentication records using the QualysGuard web  interface. Besides the community strings provided by the user, the scan  tries several default community strings such as public, private, system,  test, admin, access, and many more.


Currently "ENABLE" password or  enabled access is not supported in Cisco/Unix Auth. As you can see from  the current commands we run basically "sh" commands so ENABLED rights  are not necessary. If the "Password Brute Forcing" option is checked  within the option profile, the system will also try some other common  names. The more information that is available for the given community  string, the more accurate the scan will be.



Qualys Support KnowledgeBase





ID:  0001.001.613.000