SNMP vulnerability in disaster recovery node

DCIM_Support · ‎2020-07-05

This question was originally posted on DCIM Support by Michael on 2019-06-04

There have been a lot of discussions here about the default SNMPv1 community string but didn't find anything related to DCO Disaster recovery node (High Availability). The problem is that our security scanners are reporting a vulnerability since the DR seems to be using the default "public" even though we have disabled the SNMPv1 and in addition changed it from "public" to something else.

It seems that these configurations are not taken into use if the DR is not promoted to master? Scans were fine when the DR was the master but once dropped to being a DR, the same vulnerability was found.

DCIM_Support · ‎2020-07-05

This answer was originally posted on DCIM Support by Jef Faridi on 2019-06-04

Hi Michael,

SNMP v1 can be disabled both on the master node and the DR node, if haven't tried it yet, please go to server (both master and DR) webmin interface, StruxureWare DC Operation > Setup , un-check the v1 option for "Enable SNMP server", and then push the Setup button:

And then check your vulnerability scans to See if that helps, otherwise it would be great if I could have details about your scanning tool and its DCO related reports, thanks.

Kind regards

DCIM_Support · ‎2020-07-05

This comment was originally posted on DCIM Support by Michael on 2019-06-04

Hi Jef!

The SNMPv1 is disabled on both servers. Before disabling, we also changed the community from "public" to something else. Master node passes the scans with no problems, so does the DR if it's promoted to master. But when it is in "standby" as a DR, the scans report: "Default or Guessable SNMP community names: public". So it seems it uses some default values when working as a DR. I'll ask some more information from our IT Security.

DCIM_Support · ‎2020-07-05

This comment was originally posted on DCIM Support by Jef Faridi on 2019-06-04

Hi Michael,

Thanks for the info - I will send you an invite to my =S= box shortly so the data safely can be shared with me, thanks.

Kind regards

DCIM_Support · ‎2020-07-05

This comment was originally posted on DCIM Support by Jef Faridi on 2019-06-04

Hi Michael,

What is the version of your DCO servers?

Kind regards

DCIM_Support · ‎2020-07-05

This comment was originally posted on DCIM Support by Michael on 2019-06-04

Currently on 8.2.2.

DCIM_Support · ‎2020-07-05

This comment was originally posted on DCIM Support by Jef Faridi on 2019-06-11

Hi Michael,

I have had a setup (DCO+DR node) using the latest release version (DCO 8.3) that were running the last few days. This setup were included in our daily security scanning without any SNMP security notifications.

In general, it is recommended to update the product (DCO) to latest release version, which should also contain OS related updates.

Kind regards

DCIM_Support · ‎2020-07-05

This question is closed for comments. You're welcome to start a new topic if you have further comments on this issue.

Invite a Co-worker

Invitation Sent