guardicore · mssalvatore · May 15, 2023 · May 15, 2023 · May 15, 2023 · May 15, 2023
diff --git a/docs/content/reference/exploiters/SNMP.md b/docs/content/reference/exploiters/SNMP.md
@@ -0,0 +1,17 @@
+---
+title: "SNMP"
+date: 2023-05-15T12:53:22+00:00
+draft: false
+tags: ["exploit", "linux"]
+---
+
+The SNMP exploiter exploits [CVE-2020-15862](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15862).
+
+
+### Description
+
+If a community is configured with read-write access, the machine is vulnerable to an attack using NET-SNMP-EXTEND-MIB to run arbitrary commands on the victim.
+
+In versions 1 and 2c of the SNMP protocol the only means of authentication is the community string. In these versions of SNMP, community strings are sent as plaintext in all requests. Version 3 adds user-based authentication and encryption to the SNMP protocol.
+
+This exploiter uses version 2c of the SNMP protocol. It brute-forces machines by using usernames and passwords provided by the user (see [configuration]({{< ref "/usage/configuration" >}}) for instructions) as SNMP community strings.
diff --git a/monkey/agent_plugins/exploiters/snmp/manifest.yaml b/monkey/agent_plugins/exploiters/snmp/manifest.yaml
@@ -25,3 +25,4 @@ remediation_suggestion: >-
     stolen/configured credentials or community strings. This attack was
     possible because the version of Net-SNMP running on the server has not had
     security patches applied.
+link_to_documentation: https://techdocs.akamai.com/infection-monkey/docs/snmp