[tptacek]

Yes, obviously you can sniff community strings, but that only helps if you're speaking SNMP over the Internet.

Again the case I'm making is that this particular bug is really only useful for persisting onto networks you've already compromised.

[eitally]

I would not be surprised if there are companies & organizations out there using SNMP monitoring tools to monitor cloud hosted systems in the same on-prem instance they're monitoring their on-prem systems from.

I'm thinking specifically of my old company, which used Nagios to monitor a few hundred VMs on AWS in addition to the several thousand servers & all the networking gear running locally.