NEC Corporation Information for VU#107186

Multiple vulnerabilities in SNMPv1 trap handling

Status

Affected

Vendor Statement

      updated on March 28, 2002

      [Server Products]

      * EWS/UP 48 Series
          - OS's of all versions are vulnerable.
          - SNMP should be off, if not necessary.
          - The patches are available through anonymous FTP from:
                            FTP server: ftp.biglobe.ne.jp
                            directory:  ~ftp/pub/48pub/security/
            Please refer to the README file in the directory.
          - Detail information in Japanese is at:
            < http://www.mid.comp.nec.co.jp/48info/48patch/ca200203snmpd.html>

      [Software Products]

      * Network management system:
          + ESMPRO/ServerManager, ESMPRO Manager
              - is vulnerable.
              - The patch will be available in the end of March.
              - Detail information in Japanese is at:
                < http://www.express.nec.co.jp/care/Security/snmp58.html>

          + ESMPRO/ClientManager(MG), ESMPRO/ClientManager SmallBusiness Pack
              - is vulnerable.
              - The patch will be produced.

          + ESMPRO/Netvisor
              - is vulnerable.
              - The patch will be produced.

          + SystemScope/UXServerManager (Viewer,WindowsMG)
              - is vulnerable.
              - The patch will be produced.

          + OpenDiosa/OPBASE Base Manager-L (Windows version)
              - is vulnerable.
              - The patch will be produced.

      [Router Products]

      * Octpower Series
                 IP8800/700 Series (710,720,730,735,740,750)
                 IP8800/600 Series (610,620MM,620SM,620SS,630)
                 ES8800/1700 Series (1711,1712,1720,1730)
                 MegaAccessRouter Series (MA25UX/4EMA155MX/4EMA155SX/4E)
                 MegaAccess Series (MA25LU/4EMA155LM/4EMA155LS/4E)
                 SH380/200
          - are vulnerable.
          - The patch is available at:
             < http://www.octpower.nec.co.jp/download/index.html>
          - Detail information in Japanese is at:
             < http://www.octpower.nec.co.jp/news/snmp.html>

      * CX5200 Series (CX5220,CX5210)
        CX4200 Series (CX4220,CX4210)
          - are vulnerable.
          - To get fixed software, please contact to:
             <mailto: BQOS@ipnw.jp.nec.com>
          - More information (in Japanese):
             < http://www1.ias.biglobe.ne.jp/IPNW/BQOS/whatsnew.html>

      [VoIP GW/RAS Products]

      * CX3200
          - is vulnerable.
          - To get fixed software, please contact to:
             <mailto: BQOS@ipnw.jp.nec.com>
          - More information (in Japanese):
             < http://www1.ias.biglobe.ne.jp/IPNW/BQOS/whatsnew.html>

      [Other Network Equipment Products]

      [Devices and other products]

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.