CVE-1999-0517
published 1997-01-01CVE-1999-0517: An SNMP community name is the default (e.g. public), null, or missing.
PriorityP426medium5.9CVSS 3.1
AVLACLPRNUINSUCLILAL
EXPLOIT
EPSS
27.17%
97.8th percentile
An SNMP community name is the default (e.g. public), null, or missing.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hp | hp-ux | — | — |
| hp | hp-ux | — | — |
| sun | sunos | — | — |
Detection & IOCsextracted from sources · hover to see the quote
portUDP/161
snort
alert udp $EXTERNAL_NET any -> $HOME_NET 161 (msg:"GPL SNMP public access udp"; content:"public"; fast_pattern; reference:bugtraq,2112; reference:bugtraq,4088; reference:bugtraq,4089; reference:cve,1999-0517; reference:cve,2002-0012; reference:cve,2002-0013; classtype:attempted-recon; sid:2101411; rev:13; metadata:created_at 2010_09_23, cve CVE_1999_0517, signature_severity Informational, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_10_08;)
snort
alert udp $EXTERNAL_NET any -> $HOME_NET 161 (msg:"ET SNMP missing community string attempt 1"; content:"|30|"; depth:1; byte_test:1,!&,0x80,0,relative,big; content:"|02|"; distance:1; within:1; byte_test:1,!&,0x80,0,relative,big; byte_jump:1,0,relative; content:"|04 00|"; within:2; reference:bugtraq,2112; reference:cve,1999-0517; classtype:misc-attack; sid:2016178; rev:2; metadata:created_at 2013_01_09, cve CVE_1999_0517, signature_severity Informational, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_07_26;)
snort
alert udp $EXTERNAL_NET any -> $HOME_NET 161 (msg:"GPL SNMP null community string attempt"; content:"|04 01 00|"; depth:15; offset:5; reference:bugtraq,2112; reference:bugtraq,8974; reference:cve,1999-0517; classtype:misc-attack; sid:2101892; rev:7; metadata:created_at 2010_09_23, cve CVE_1999_0517, signature_severity Major, updated_at 2019_07_26;)
bytes
|04 00|
bytes
|04 01 00|
- →SNMP requests using the default community string 'public' on UDP/161 are indicative of CVE-1999-0517 exploitation/reconnaissance. ↗
- →Detect SNMP packets with a missing (zero-length) community string by matching the ASN.1 byte sequence |04 00| (OCTET STRING of length 0) within the first few bytes of a UDP/161 packet.
- →Detect SNMP packets with a null/single-null-byte community string by matching the ASN.1 byte sequence |04 01 00| at depth 15, offset 5 in UDP/161 traffic.
- →Metasploit modules snmp_enum and snmp_login can be used to enumerate or brute-force SNMP community strings; their traffic patterns (default 'public' community, UDP/161) should be monitored. ↗
- ·The vulnerability applies when an SNMP community name is set to the default, null, or is entirely missing — all three conditions should be checked independently. ↗
- ·The GPL SNMP public access rule (sid:2101411) is classified as 'attempted-recon' and informational severity, meaning it fires on reconnaissance activity, not just confirmed exploitation.
- ·The GPL SNMP null community string rule (sid:2101892) is classified as 'misc-attack' with Major severity, distinguishing it from the informational public-community-string rules.
CVSS provenance
nvdv3.15.9MEDIUMCVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Suricata
ET SNMP missing community string attempt 1
suricata·2013-01-09
CVE-1999-0517 ET SNMP missing community string attempt 1
ET SNMP missing community string attempt 1
Rule: alert udp $EXTERNAL_NET any -> $HOME_NET 161 (msg:"ET SNMP missing community string attempt 1"; content:"|30|"; depth:1; byte_test:1,!&,0x80,0,relative,big; content:"|02|"; distance:1; within:1; byte_test:1,!&,0x80,0,relative,big; byte_jump:1,0,relative; content:"|04 00|"; within:2; reference:bugtraq,2112; reference:cve,1999-0517; classtype:misc-attack; sid:2016178; rev:2; metadata:created_at 2013_01_09, cve CVE_1999_0517, signature_severity Informational, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_07_26;)
Suricata
ET SNMP missing community string attempt 2
suricata·2013-01-09
CVE-1999-0517 ET SNMP missing community string attempt 2
ET SNMP missing community string attempt 2
Rule: alert udp $EXTERNAL_NET any -> $HOME_NET 161 (msg:"ET SNMP missing community string attempt 2"; content:"|30|"; depth:1; byte_test:1,&,0x80,0,relative,big; byte_jump:1,0,relative; content:"|02|"; distance:-129; within:1; byte_test:1,&,0x80,0,relative,big; byte_jump:1,0,relative; content:"|04 00|"; distance:-129; within:2; reference:bugtraq,2112; reference:cve,1999-0517; classtype:misc-attack; sid:2016179; rev:2; metadata:created_at 2013_01_09, cve CVE_1999_0517, signature_severity Informational, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_07_26;)
Suricata
ET SNMP missing community string attempt 4
suricata·2013-01-09
CVE-1999-0517 ET SNMP missing community string attempt 4
ET SNMP missing community string attempt 4
Rule: alert udp $EXTERNAL_NET any -> $HOME_NET 161 (msg:"ET SNMP missing community string attempt 4"; content:"|30|"; depth:1; byte_test:1,!&,0x80,0,relative,big; content:"|02|"; distance:1; within:1; byte_test:1,&,0x80,0,relative,big; byte_jump:1,0,relative; content:"|04 00|"; distance:-129; within:2; reference:bugtraq,2112; reference:cve,1999-0517; classtype:misc-attack; sid:2016181; rev:2; metadata:created_at 2013_01_09, cve CVE_1999_0517, signature_severity Informational, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_07_26;)
Suricata
GPL SNMP public access udp
suricata·2010-09-23
CVE-1999-0517 GPL SNMP public access udp
GPL SNMP public access udp
Rule: alert udp $EXTERNAL_NET any -> $HOME_NET 161 (msg:"GPL SNMP public access udp"; content:"public"; fast_pattern; reference:bugtraq,2112; reference:bugtraq,4088; reference:bugtraq,4089; reference:cve,1999-0517; reference:cve,2002-0012; reference:cve,2002-0013; classtype:attempted-recon; sid:2101411; rev:13; metadata:created_at 2010_09_23, cve CVE_1999_0517, signature_severity Informational, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_10_08;)
Suricata
GPL SNMP null community string attempt
suricata·2010-09-23
CVE-1999-0517 GPL SNMP null community string attempt
GPL SNMP null community string attempt
Rule: alert udp $EXTERNAL_NET any -> $HOME_NET 161 (msg:"GPL SNMP null community string attempt"; content:"|04 01 00|"; depth:15; offset:5; reference:bugtraq,2112; reference:bugtraq,8974; reference:cve,1999-0517; classtype:misc-attack; sid:2101892; rev:7; metadata:created_at 2010_09_23, cve CVE_1999_0517, signature_severity Major, updated_at 2019_07_26;)
Suricata
GPL SNMP public access tcp
suricata·2010-09-23
CVE-1999-0517 GPL SNMP public access tcp
GPL SNMP public access tcp
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 161 (msg:"GPL SNMP public access tcp"; flow:established,to_server; content:"public"; reference:bugtraq,2112; reference:bugtraq,4088; reference:bugtraq,4089; reference:bugtraq,7212; reference:cve,1999-0517; reference:cve,2002-0012; reference:cve,2002-0013; classtype:attempted-recon; sid:2101412; rev:15; metadata:created_at 2010_09_23, cve CVE_1999_0517, signature_severity Informational, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_08;)
Metasploit
SNMP Enumeration Module
metasploit
SNMP Enumeration Module
SNMP Enumeration Module
This module allows enumeration of any devices with SNMP protocol support. It supports hardware, software, and network information. The default community used is "public".
Metasploit
SNMP Community Login Scanner
metasploit
SNMP Community Login Scanner
SNMP Community Login Scanner
This module logs in to SNMP devices using common community names.
https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0517https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0517https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-244https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-244/
1997-01-01
Published