SNMP pentest vulnerability detected in Policy Server


Article ID: 275077







A Policy Server host running with an SNMP stack enabled is reported by a penetration test as exposing the following:

 1) SNMP 'GETBULK' Reflection DDoS;
 2) Default SNMP Community Strings;
 3) SNMP Agent Default Community Name;



  1. Title: SNMP 'GETBULK' Reflection DDoS

    First, it is recommended to disable this service if it isn't in use with the Policy Server (1).
    Further, according to the same page, the vulnerability concerns the SNMP Agent software, which is provided by the Operating System (OS) (2).
    That said, only the net-snmp version and below are affected. This problem is outside the Policy Server code.

  2. Title: Default SNMP Community Strings

    As per the Nessus documentation, this finding affects the snmp service configuration and, as such, is out of SiteMinder scope (3).

  3. Title: SNMP Agent Default Community Name

    This finding is also out of SiteMinder scope; it concerns only the SNMP service and its OS (4).


These vulnerabilities are outside the Policy Server code.

Work with your Vendor support and/or OS Administrator to mitigate them.
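As an added example (not part of this article or of the Policy Server product), the following POSIX shell script is the kind of check an OS administrator can run against the host's net-snmp `snmpd.conf` to confirm the two configuration findings above: default community strings, and an agent left reachable on the network when it is not needed. The file path and the sample configuration are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the KB article: audit a net-snmp snmpd.conf for
# default community strings and for an agent exposed beyond loopback.
# The sample config below is constructed; point the functions at the real file.

# Print every v1/v2c community definition (rocommunity, rwcommunity, com2sec),
# skipping comment lines, so each credential can be reviewed.
list_communities() {
    grep -Ei '^[[:space:]]*((ro|rw)community6?|com2sec6?)[[:space:]]' "$1"
}

# Exit 0 if any community definition uses a default name (public/private).
# rocommunity/rwcommunity: name is the 2nd field; com2sec: name is the 4th.
has_default_community() {
    list_communities "$1" | awk '
        tolower($1) ~ /^(ro|rw)community6?$/ { name = $2 }
        tolower($1) ~ /^com2sec6?$/          { name = $4 }
        tolower(name) == "public" || tolower(name) == "private" { found = 1 }
        END { exit (found ? 0 : 1) }'
}

# Exit 0 only if every agentAddress entry binds to loopback; a bare port or a
# wildcard bind leaves the agent reachable for GETBULK reflection abuse.
listens_loopback_only() {
    grep -Ei '^[[:space:]]*agentaddress[[:space:]]' "$1" | awk '
        { n = split($2, a, ",")
          for (i = 1; i <= n; i++)
              if (a[i] !~ /127\.0\.0\.1|\[::1\]|localhost/) bad = 1 }
        END { exit (NR == 0 || bad) ? 1 : 0 }'
}

# Constructed sample config showing both weaknesses, written to a temp file.
SAMPLE_CONF=$(mktemp)
cat > "$SAMPLE_CONF" <<'EOF'
# snmpd.conf (constructed sample)
rocommunity public default
rwcommunity private 10.0.0.0/8
com2sec readonly default monitor
agentAddress udp:161,udp6:[::1]:161
EOF

if has_default_community "$SAMPLE_CONF"; then
    echo "FAIL: default SNMP community string configured"
fi
if ! listens_loopback_only "$SAMPLE_CONF"; then
    echo "WARN: agent reachable beyond loopback (GETBULK reflection exposure)"
fi
rm -f "$SAMPLE_CONF"
```

Replacing the community names and restricting `agentAddress` to loopback (or stopping snmpd entirely when unused) clears both checks; the script only reads the file and changes nothing.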


Additional Information

     SNMP 'GETBULK' Reflection DDoS
     2.2.24 Ensure default SNMP community strings don't exist
     SNMP Agent Default Community Name (public)