SNMP contains a flaw that may allow a malicious user to guess the public and private community strings. The issue is due to insufficient access control in the SNMP protocol. SNMP uses public/private community strings to control read/write access to a network device's information. By using default values set by vendors or by brute-forcing the community strings, a remote attacker can guess a public/private community string and gather or modify network device information without authorization, resulting in a loss of confidentiality, integrity, and/or availability.
Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s):
Disable or remove the SNMP Service if it is not required.
Create strong community strings.
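
One way to check the second workaround on a host, as an added example that is not part of the original advisory: the script below audits a configuration for default or weak community strings. It assumes Net-SNMP `snmpd.conf` syntax (`rocommunity`, `rwcommunity`, `com2sec`); the sample configuration is constructed, and the 16-character minimum and three-character-class rule are assumed policy values, not requirements stated by the advisory.

```python
import re

# Vendor-default community strings named in the advisory text.
DEFAULTS = {"public", "private"}
MIN_LEN = 16  # assumed policy threshold, not from the advisory

# Constructed sample in Net-SNMP snmpd.conf syntax (an assumption of this example).
SAMPLE_CONF = """\
# constructed example configuration
rocommunity public
rwcommunity private 10.0.0.0/8
rocommunity6 Monitor1 ::1
com2sec readonly default public
com2sec -Cn ctx1 ops 192.0.2.0/24 tZ7q-Lw3x_Vb9Rk2mHd5
rwcommunity  n8Kf2-Qx7pLz_4Wd9Rt6  192.0.2.10
"""

def extract_communities(conf_text):
    """Yield (line_no, access, community) for each community directive."""
    for no, raw in enumerate(conf_text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split() or [""]  # drop comments/blank lines
        m = re.fullmatch(r"(ro|rw)community6?", tokens[0])
        if m and len(tokens) >= 2:
            yield no, m.group(1), tokens[1]
        elif tokens[0] in ("com2sec", "com2sec6"):
            args = tokens[1:]
            if args[:1] == ["-Cn"]:   # optional context: -Cn CONTEXT
                args = args[2:]
            if len(args) >= 3:        # secname, source, community
                yield no, "map", args[2]

def weakness(community):
    """Return a reason the string is weak, or None if it passes the policy."""
    if community.lower() in DEFAULTS:
        return "vendor default"
    if len(community) < MIN_LEN:
        return f"shorter than {MIN_LEN} characters"
    classes = [re.search(p, community) for p in (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]")]
    if sum(c is not None for c in classes) < 3:
        return "fewer than 3 character classes"
    return None

def audit(conf_text):
    """Return [(line_no, access, reason)] for every weak community string."""
    return [(no, acc, why) for no, acc, comm in extract_communities(conf_text)
            if (why := weakness(comm))]

if __name__ == "__main__":
    print(*audit(SAMPLE_CONF), sep="\n")
```

To audit a real host, pass the contents of its configuration file to `audit()` instead of `SAMPLE_CONF`.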