CVE-1999-0517
published 1997-01-01

CVE-1999-0517: An SNMP community name is the default (e.g. public), null, or missing.

Priority: P426 · medium · 5.9 (CVSS 3.1)
Vector: AV:L / AC:L / PR:N / UI:N / S:U / C:L / I:L / A:L
EXPLOIT
EPSS: 27.17% (97.8th percentile)

Affected

3 ranges

| Vendor | Product | Version range | Fixed in |
|--------|---------|---------------|----------|
| hp     | hp-ux   |               |          |
| hp     | hp-ux   |               |          |
| sun    | sunos   |               |          |

Detection & IOCs

port: UDP/161
snort
alert udp $EXTERNAL_NET any -> $HOME_NET 161 (msg:"GPL SNMP public access udp"; content:"public"; fast_pattern; reference:bugtraq,2112; reference:bugtraq,4088; reference:bugtraq,4089; reference:cve,1999-0517; reference:cve,2002-0012; reference:cve,2002-0013; classtype:attempted-recon; sid:2101411; rev:13; metadata:created_at 2010_09_23, cve CVE_1999_0517, signature_severity Informational, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_10_08;)
snort
alert udp $EXTERNAL_NET any -> $HOME_NET 161 (msg:"ET SNMP missing community string attempt 1"; content:"|30|"; depth:1; byte_test:1,!&,0x80,0,relative,big; content:"|02|"; distance:1; within:1; byte_test:1,!&,0x80,0,relative,big; byte_jump:1,0,relative; content:"|04 00|"; within:2; reference:bugtraq,2112; reference:cve,1999-0517; classtype:misc-attack; sid:2016178; rev:2; metadata:created_at 2013_01_09, cve CVE_1999_0517, signature_severity Informational, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_07_26;)
snort
alert udp $EXTERNAL_NET any -> $HOME_NET 161 (msg:"GPL SNMP null community string attempt"; content:"|04 01 00|"; depth:15; offset:5; reference:bugtraq,2112; reference:bugtraq,8974; reference:cve,1999-0517; classtype:misc-attack; sid:2101892; rev:7; metadata:created_at 2010_09_23, cve CVE_1999_0517, signature_severity Major, updated_at 2019_07_26;)
bytes: |04 00|
bytes: |04 01 00|
  • SNMP requests using the default community string 'public' on UDP/161 are indicative of CVE-1999-0517 exploitation/reconnaissance.
  • Detect SNMP packets with a missing (zero-length) community string by matching the ASN.1 byte sequence |04 00| (OCTET STRING of length 0) within the first few bytes of a UDP/161 packet.
  • Detect SNMP packets with a null/single-null-byte community string by matching the ASN.1 byte sequence |04 01 00| at depth 15, offset 5 in UDP/161 traffic.
  • Metasploit modules snmp_enum and snmp_login can be used to enumerate or brute-force SNMP community strings; their traffic patterns (default 'public' community, UDP/161) should be monitored.
  • The vulnerability applies when an SNMP community name is set to the default, null, or is entirely missing; all three conditions should be checked independently.
  • The GPL SNMP public access rule (sid:2101411) is classified as 'attempted-recon' and informational severity, meaning it fires on reconnaissance activity, not just confirmed exploitation.
  • The GPL SNMP null community string rule (sid:2101892) is classified as 'misc-attack' with Major severity, distinguishing it from the informational public-community-string rules.
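The three conditions above can also be checked by decoding the BER header instead of matching fixed byte offsets. The following is an added example, not code from this page or from the rule authors: it parses an SNMPv1/v2c UDP/161 payload (short- and long-form lengths) and labels the community string as missing, null, default or other. The function names, the `DEFAULT_COMMUNITIES` set and the sample PDU are constructed for illustration.

```python
# Constructed GetRequest PDU (sysDescr.0) used only to build sample packets.
SAMPLE_PDU = bytes.fromhex("a019020101020100020100300e300c06082b060102010101000500")
DEFAULT_COMMUNITIES = {b"public"}  # assumption: extend with your vendors' defaults


def _read_tlv(buf, pos, expected_tag):
    """Return (value, next_pos) for one BER TLV; raise ValueError if malformed."""
    if pos + 2 > len(buf) or buf[pos] != expected_tag:
        raise ValueError("unexpected tag at offset %d" % pos)
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad long-form length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return buf[pos:pos + length], pos + length


def classify_community(payload):
    """Label a UDP/161 payload: missing, null, default, other or unparsed."""
    try:
        body, _ = _read_tlv(payload, 0, 0x30)      # outer SEQUENCE
        version, pos = _read_tlv(body, 0, 0x02)    # INTEGER version
        if int.from_bytes(version, "big") not in (0, 1):  # 0 = v1, 1 = v2c
            return "unparsed"                      # e.g. SNMPv3: no community field
        community, _ = _read_tlv(body, pos, 0x04)  # OCTET STRING community
    except ValueError:
        return "unparsed"
    if len(community) == 0:
        return "missing"   # wire bytes 04 00
    if community == b"\x00":
        return "null"      # wire bytes 04 01 00
    if community in DEFAULT_COMMUNITIES:
        return "default"
    return "other"


def sample_packet(community):
    """Build a constructed SNMPv1 GetRequest carrying the given community."""
    body = b"\x02\x01\x00" + bytes([0x04, len(community)]) + community + SAMPLE_PDU
    return bytes([0x30, len(body)]) + body
```
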

CVSS provenance

nvd · v3.1 · 5.9 MEDIUM · CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
nvd · v2.0 · 7.5 HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P