Rescan and Investigate not returning accurate status

I’m working on resolving “Default or Guessable SNMP community names: public”

I get a list of assets that have this vulnerability and then start disabling SNMP and rescan. After rescan, assets still show as having this vulnerability. I’ve repeated this and get the same result. Oddly, some printers (Zebra) seem to show as no longer being vulnerable. But HP printers keep showing as vulnerable. I can print the printer config and it shows public is disabled. I can hit it with an SNMP browser and it does not show public as being there. If I try the investigate option in R7 it still says the vulnerability is there. If I delete the asset in R7 and rescan then it shows the vulnerability is not there.

Is there an issue with rescanning or investigate options that prevent it from actually scanning the asset again? Are there any suggested fixes to this behavior? Do I just have to delete assets and rescan then when I’m having trouble getting a vulnerability to show as being resolved?

Thanks!

2 Likes

I have the same problem: SNMP vulns on some assets, when fixed, require us to delete the asset and rescan to clear the vuln in Rapid7.

We’ve encountered the same problem with these “ghost vulnerabilities”, and unfortunately have to delete the asset.

We have the same issue and have had it for years. Hopefully they fix it.

Same thing here. Happens on all of our SNMP capable devices. We’ve tried disabling SNMP and even renaming the community - nothing.

Well, I thought I was the only one facing the trouble. We did every test, even collecting the tcpdump. The vuln devices don't use the public names as they say. Still shows as vulnerable. We don't want to delete the asset and lose the history. :frowning:

Same problem here. The only way is to delete the asset and scan the asset again. Hopefully Rapid7 will fix that soon.