Bug ID 780745: TMSH allows creation of duplicate community strings for SNMP v1/v2 access

Last Modified: Jun 13, 2019


Affected Product:
BIG-IP TMOS (all modules)

Known Affected Versions:
14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.4, 14.1.0.5, 14.1.0.6, 15.0.0

Opened: May 08, 2019
Severity: 3-Major

Symptoms

TMSH allows you to create multiple access records with the same IP protocol, same Source IP network, and same community string.

Impact

Unintended permissions can be provided when an undesired access record with the correct community string is matched to a request instead of the desired access record.

Conditions

Duplicate access records are created in TMSH.

Workaround

Use the Configuration Utility to manage SNMP v1/2c access records. (The GUI properly flags the error with the message: "The specified SNMP community already exists in the database.") If you use tmsh, ensure that community strings remain unique within each Source IP Network for each IP protocol.
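
One way to audit for this condition when records are managed through tmsh (an added example, not F5 code): the script groups access records by IP protocol, source network, and community string, and reports any group holding more than one record. The sample text is constructed, and the field names (`community-name`, `source`, `ipv6`, `access`), the brace-delimited layout, and the treatment of a missing `ipv6` field as IPv4 are assumptions about the exported configuration.

```python
import re
from collections import defaultdict

# Constructed sample. Record names, field names and the brace-delimited layout
# are assumptions for this example, not taken from the bug report.
SAMPLE = """
sys snmp {
    communities {
        monitoring_ro {
            access ro
            community-name examplecomm
            source 192.0.2.0/24
        }
        legacy_rw {
            access rw
            community-name examplecomm
            source 192.0.2.0/24
        }
        v6_ro {
            community-name examplecomm
            ipv6 enabled
            source 2001:db8::/32
        }
    }
}
"""

# An innermost block: "name {" followed only by "field value" lines, then "}".
RECORD = re.compile(
    r"^\s*(\S+)\s*\{\s*\n((?:\s*[\w-]+[ \t]+[^\s{}][^{}\n]*\n)+)\s*\}", re.M)

def parse_records(text):
    """Return {record_name: {field: value}} for each innermost block."""
    return {name: {k: v.strip() for k, v in
                   (line.split(None, 1) for line in body.strip().splitlines())}
            for name, body in RECORD.findall(text)}

def find_duplicates(text):
    """Group records sharing (IP protocol, source network, community string)."""
    groups = defaultdict(list)
    for name, f in parse_records(text).items():
        proto = "ipv6" if f.get("ipv6") == "enabled" else "ipv4"  # assumed default
        key = (proto, f.get("source", "default"), f.get("community-name"))
        groups[key].append((name, f.get("access", "ro")))
    return {k: v for k, v in groups.items() if len(v) > 1}

if __name__ == "__main__":
    for key, recs in find_duplicates(SAMPLE).items():
        conflict = len({access for _, access in recs}) > 1
        print(key, recs, "ACCESS CONFLICT" if conflict else "redundant")
```

A group whose records carry different access levels is the case the Impact section describes, since the record that matches a request may grant more than the intended one.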

Fix Information

None

Behavior Change