SNMP: reword remediation suggestions

mssalvatore · mssalvatore · commit e514b9e414f7 · 2023-05-05T11:12:34.000-04:00
diff --git a/monkey/agent_plugins/exploiters/snmp/manifest.yaml b/monkey/agent_plugins/exploiters/snmp/manifest.yaml
@@ -12,10 +12,16 @@ safe: true
 remediation_suggestion: >-
     Configure SNMP to use read-only communities.
 
+    Apply security updates to your Net-SNMP installation.
+
     Limit access over SNMP to trusted hosts.
 
     Use SNMPv3 with the authPriv security level if possible.
 
 
-    The machine is vulnerable to an SNMP attack.
-    An Infection Monkey Agent executed a command over SNMP using stolen/configured credentials.
+    The machine is vulnerable to an attack on Net-SNMP via
+    [CVE-2020-15862](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15862)
+    An Infection Monkey Agent executed a command over SNMP using
+    stolen/configured credentials or community strings. This attack was
+    possible because the version of Net-SNMP running on the server has not had
+    security patches applied.
