Cisco Bug: CSCuj73038 - N7K: disable non-essential service SNMP by default (SEC-OFF-DEFT-2)
Aug 06, 2018
- Cisco Nexus 7000 Series Switches
Known Affected Releases
Symptom: Cisco Nexus devices enable the SNMP interface by default. This violates the Cisco Product Security Baseline: non-critical protocols and ports should be disabled by default and require explicit configuration before listening on a network interface. An admin user is always configured on the switch, because creating one is mandatory when booting the system image. Whenever a user is configured on the switch, SecurityD pushes that user to SNMP. Once a user is in the SNMP userList, that username and password can be used to poll SNMP (SNMPv3).

Conditions: Devices running an affected version of Cisco NX-OS Software. Currently, if the SNMP port bind is disabled, nobody can poll SNMP even though the admin user exists, so that becomes a problem.