New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SNMP community is hard coded to public #260

Open

MicSkr opened this issue Jul 20, 2023 · 0 comments

Labels

MicSkr commented Jul 20, 2023 •

edited

Loading

Environment

Telemetry Streaming Version: 1.33
BIG-IP Version: N/A

Summary

SNMP community is hard coded to public
No way to specify SNMP Community.

Good Security practices include removing SNMP community strings or changing from public.
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-108 (Search for "community" to understand)

Steps To Reproduce

Steps to reproduce the behavior:

Submit the following declaration:
Anything using the example SNMP declaration as a model
https://clouddocs.f5.com/products/extensions/f5-telemetry-streaming/latest/declarations.html#querying-snmp-using-a-custom-endpoint
Change SNMP community string from Public
https://www.cisa.gov/news-events/news/securing-network-infrastructure-devices
https://www.cisa.gov/news-events/alerts/2017/06/05/reducing-risk-snmp-abuse
Observe the following error response:
Any device where a custom community string has been configured does not produce SNMP

Expected Behavior

Include a field which can specify the SNMP community

Actual Behavior

Hard Coded Community String here, Line 121 of lib/systemStats.js

f5-telemetry-streaming/src/lib/systemStats.js

Line 121 in 2085543

    
           utilCmdArgs: `-c "snmpwalk -L n -O ${additionalOptions}QUs -c public localhost ${endpoints[endpoint].path}"`

MicSkr added bug untriaged labels

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment