Nbase-Xyplex Information for VU#107186

Multiple vulnerabilities in SNMPv1 trap handling

Status

Affected

Vendor Statement

iTouch Communications, Inc. formerly Nbase-Xyplex

iTouch Communications has confirmed that the following tests failed
(software crash) in the MX and InReach Series run-time image Xpcsrv20.sys
version 6.3 and NEMC_IR.SYS version 3.0 and earlier:

1. APP tests, 10545 and 10549
2. ENC tests 878,7643,7686,7687,7688,13358 & 13486

These issues were fixed in Xpcsrv20.sys version 6.3s15 and
NEMC_IR.SYS version 3.0s1 and now they are fully compliant with the SNMP
vulnerability CERT tests.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.