The Simple Network Management Protocol, which is widely deployed on enterprise networks suffers from several well known shortcomings in terms of security. Even though version 3 of the protocol addresses these issues, versions 1 and 2c remain the de facto standard in the wild. SNMP security is especially paramount when enabled on Cisco appliances, as these are frequently configurable via SNMP. The talk is going to outline what the particular weaknesses of SNMP are, how these tie in with weaknesses in Cisco IOS and finally how common SNMP and Cisco misconfigurations can be leveraged to obtain administrative access to appliances such as routers, switches and bridges. This attack scenario is demonstrated using a newly developed framework, that largely automates SNMP based attacks against Cisco appliances. The presentation will conclude with a brief discussion of the impact of this type of attack and what countermeasures can be employed to secure routing infrastructure against it.