Simple Network Management Protocol (SNMP) authentication bypass affects devices from different vendors/brands, hackers could exploit the issue by simply sending random values in specific requests. The StringBleed vulnerability allows to a remote attacker to execute code on the vulnerable devices and gain “full read/write remote permissions using any string/integer value.”
Recommendations
The bug is difficult to solve since several vendors/brands are affected. Please check for the device firmware updates and ensure that SNMP is not directly accessible from the Internet.
References
- #Stringbleed(CVE-2017-5135)
- StringBleed SNMP Authentication Bypass affects numerous devices online
- StringBleed
Credits
The problem, dubbed StringBleed and tracked as CVE 2017-5135, was reported by the security researchers Ezequiel Fernandez and Bertin Bervis.
Technical details
The SNMP protocol supports three methods for client authentication and to authenticate requests on remote SNMP devices, two of them are affected by the authentication bypass issue. The StringBleed issue resides in the way SNMP agent in running on differed IoT devices handles a human-readable string datatype value called “community string” that SNMP version 1 and 2 use.
CVE 2017-5135