Optical Access Information for VU#107186

Multiple vulnerabilities in SNMPv1 trap handling

Status

Affected

Vendor Statement

      Following the release of vulnerability notes VU#107186 and VU#854306, our
      company OpicalAccess has two product lines of switches and routers with SNMP
      agent implementations : OptiSwitch and OptiSwitch Master.

      Optical Access tested the SNMP agents of our OptiSwitch product line with
      the original Oulu university test patterns and found them not vulnerable.

      The OptiSwitch Master product line uses UCD-SNMP version that was found to
      be vulnerable. UCD-SNMP version that includes the patch for the reported
      vulnerabilities will be integrated into the next major release. Until then,
      The use of ACL for management sessions feature can signifficantly reduce the
      risk ( without compromising performance).

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.