SNMPv2-to-SNMPv3 Migration in Financial Mainframes: Risk Reduction and Repeatable Playbook
Journal of Engineering Research and Sciences, Volume 5, Issue 6, pp. 1–14, 2026; DOI: 10.55708/js0505003
Keywords: SNMP, SNMPv3, SNMPv2c, IBM z/OS, User-based Security Model (USM), View-based Access Control Model (VACM), network security, mainframe, Resource Access Control Facility (RACF), authPriv, AES-128, risk reduction, PCI-DSS, NIST SP 800-53.
(This article belongs to the Section Information Systems – Computer Science (ISC))
Shaw, R. K. (2026). SNMPv2-to-SNMPv3 Migration in Financial Mainframes: Risk Reduction and Repeatable Playbook. Journal of Engineering Research and Sciences, 5(6), 1–14. https://doi.org/10.55708/js0505003
Legacy SNMP versions 1 and 2c send community strings in cleartext with no authentication or encryption. In financial mainframe environments that run IBM z/OS alongside Cisco IOS equipment, attackers actively exploit SNMPv2c as an attack vector. This paper quantifies the risk reduction achievable by deploying SNMPv3 on IBM z/OS 2.5, Cisco IOS-XE, SolarWinds network management systems, and a range of operating-system platforms, using the authenticated privacy (authPriv) mode defined in RFCs 3411 to 3415 and 3826 with HMAC-SHA-96 for authentication and AES-128 for privacy. For each of these platforms the paper outlines and verifies a five-phase, repeatable migration process. A FAIR (Factor Analysis of Information Risk) analysis of SNMP exploitation losses in mainframe environments indicates a 90 to 96 percent reduction in expected annual loss under stated assumptions (from $1.1M to $4.5M under SNMPv2c to $40K to $250K under SNMPv3). The methodology covers the points that matter most in a z/OS migration: coexistence with the existing SNMPv2c deployment, asset discovery and documentation of RACF settings and VACM views, design of an engineID management plan, and validation of the cutover strategy. The paper aligns with PCI-DSS v4.0, NIST SP 800-53 Rev. 5, and NSA/CISA guidance for mainframe migrations and includes a checklist that security architects and mainframe operations teams can apply while implementing and validating the migration.
- D. Harrington, R. Presuhn, and B. Wijnen, “An Architecture for Describing Simple Network Management Protocol (SNMP) Management Frameworks,” IETF RFC 3411, Dec. 2002, doi: 10.17487/RFC3411.
- U. Blumenthal and B. Wijnen, “User-based Security Model (USM) for Version 3 of the Simple Network Management Protocol (SNMPv3),” IETF RFC 3414, Dec. 2002, doi: 10.17487/RFC3414.
- B. Wijnen, R. Presuhn, and K. McCloghrie, “View-based Access Control Model (VACM) for the Simple Network Management Protocol (SNMP),” IETF RFC 3415, Dec. 2002, doi: 10.17487/RFC3415.
- U. Blumenthal, F. Maino, and K. McCloghrie, “The Advanced Encryption Standard (AES) Cipher Algorithm in the SNMP User-based Security Model,” IETF RFC 3826, Jun. 2004, doi: 10.17487/RFC3826.
- J. Case, R. Mundy, D. Partain, and B. Stewart, “Introduction and Applicability Statements for Internet-Standard Management Framework,” IETF RFC 3410, Dec. 2002, doi: 10.17487/RFC3410.
- Cybersecurity and Infrastructure Security Agency, “Reducing the Risk of SNMP Abuse,” Alert TA17-156A, Jun. 5, 2017. Available online: https://www.cisa.gov/news-events/alerts/2017/06/05/reducing-risk-snmp-abuse.
- National Security Agency, “Network Infrastructure Security Guide,” Cybersecurity Technical Report U/OO/118623-22, ver. 1.2, Oct. 2023. Available online: https://media.defense.gov.
- National Cyber Security Centre, National Security Agency, Cybersecurity and Infrastructure Security Agency, and Federal Bureau of Investigation, “APT28 Exploits Known Vulnerability to Carry Out Reconnaissance and Deploy Malware on Cisco Routers,” Joint Advisory, Apr. 2023. Available online: https://www.ncsc.gov.uk.
- Cybersecurity and Infrastructure Security Agency, “Enhanced Visibility and Hardening Guidance for Communications Infrastructure,” Dec. 2024. Available online: https://www.cisa.gov.
- N. Lawrence and P. Traynor, “Under New Management: Practical Attacks on SNMPv3,” in Proceedings of the 6th USENIX Workshop on Offensive Technologies (WOOT), Bellevue, WA, USA, Aug. 2012, doi: 10.5555/2372399.2372416.
- J. Schönwälder, A. Pras, M. Harvan, J. Schippers, and R. van de Meent, “SNMP Traffic Analysis: Approaches, Tools, and First Results,” in Proceedings of the 10th IFIP/IEEE International Symposium on Integrated Network Management (IM), Munich, Germany, May 2007, pp. 323–332, doi: 10.1109/INM.2007.374797.
- IBM, “USM_USER Entry,” IBM z/OS V2.5.0 Documentation. Available online: https://www.ibm.com/docs/en/zos/2.5.0.
- IBM, “SNMPD.CONF Sample,” IBM z/OS V2.5.0 Documentation. Available online: https://www.ibm.com/docs/en/zos/2.5.0.
- Cisco Systems, “SNMP Remote Code Execution Vulnerabilities in Cisco IOS and IOS XE,” Security Advisory cisco-sa-20170629-snmp, Jun. 2017. Available online: https://sec.cloudapps.cisco.com.
- Cisco Systems, “Configuration Template for SNMPv3,” Cisco Community Knowledge Base, Document ID 4666450. Available online: https://community.cisco.com.
- Cisco Systems, “Disable SNMPv1 or SNMPv2c While Other Versions Remain Enabled,” Document ID 113469. Available online: https://www.cisco.com.
- CERT Coordination Center, “CERT Advisory CA-2002-03: Multiple Vulnerabilities in Many Implementations of the Simple Network Management Protocol,” Feb. 2002. Available online: https://www.cert.org.
- National Vulnerability Database, “CVE-2002-0013 Detail: SNMPv1 Request Handling Vulnerabilities,” 2002. Available online: https://nvd.nist.gov/vuln/detail/CVE-2002-0013.
- National Vulnerability Database, “CVE-2017-6742 Detail: Cisco IOS SNMP Buffer Overflow,” 2017. Available online: https://nvd.nist.gov/vuln/detail/CVE-2017-6742.
- National Vulnerability Database, “CVE-2025-68615 Detail: Net-SNMP snmptrapd Buffer Overflow,” 2025. Available online: https://nvd.nist.gov/vuln/detail/CVE-2025-68615.
- PCI Security Standards Council, “Payment Card Industry Data Security Standard: Requirements and Testing Procedures, Version 4.0,” Mar. 2022. Available online: https://www.pcisecuritystandards.org.
- Joint Task Force, “Security and Privacy Controls for Information Systems and Organizations,” National Institute of Standards and Technology, Gaithersburg, MD, USA, NIST Special Publication 800-53 Rev. 5, Sep. 2020, doi: 10.6028/NIST.SP.800-53r5.
- Center for Internet Security, “CIS Cisco IOS Benchmark,” ver. 2.2, 2023. Available online: https://www.cisecurity.org.
- J. Freund and J. Jones, Measuring and Managing Information Risk: A FAIR Approach. Waltham, MA, USA: Butterworth-Heinemann, 2014.
- L. Andrey, O. Festor, A. Lahmadi, A. Pras, and J. Schönwälder, “Survey of SNMP Performance Analysis Studies,” International Journal of Network Management, vol. 19, no. 6, pp. 527–548, Nov. 2009, doi: 10.1002/nem.729.
- S. Kuryla and J. Schönwälder, “Evaluation of the Resource Requirements of SNMP Agents on Constrained Devices,” in Managing the Dynamics of Networks and Services, Lecture Notes in Computer Science, vol. 6734. Berlin, Germany: Springer, 2011, pp. 100–111, doi: 10.1007/978-3-642-21484-4_13.
- OpenConfig, “gNMI Specification,” ver. 0.10.0, GitHub, 2023. Available online: https://github.com/openconfig/gnmi.
- R. Enns, M. Björklund, J. Schönwälder, and A. Bierman, “Network Configuration Protocol (NETCONF),” IETF RFC 6241, Jun. 2011, doi: 10.17487/RFC6241.
- F. K. Ariefputra and E. Mulyana, “Performance Analysis of gNMI Streaming Telemetry-Based Monitoring Systems Using Containerlab Network Simulation,” Jurnal Nasional Teknik Elektro dan Teknologi Informasi, vol. 13, no. 2, pp. 101–107, 2024, doi: 10.22146/jnteti.v13i2.10185.
- Cisco Systems, “Cisco IOS and IOS XE Software SNMP Denial of Service and Remote Code Execution Vulnerability,” Security Advisory cisco-sa-snmp-x4LPhte, Sep. 24, 2025. Available online: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-x4LPhte.