Powerware Corporation Information for VU#107186
Multiple vulnerabilities in SNMPv1 trap handling
Powerware Corporation notice regarding CERT SNMP Vulnerability Announcement
and popular Powerware Connectivity Devices
Most customers operate firewalls that block externally originating SNMP
traffic, and further, detect and prevent Denial of Service attacks. It is
these devices that constitute a main focal point of SNMP concern since they
represent the vanguard of your network.
Based upon SNMP blocking and ingress/egress filtering, any possible
potential security vulnerability may only be exploited by users who have
access to your local security domain, therefore the risk is diminished.
Testing has revealed the following:
Powerware, to date, knows of no SNMP-related security issues with its
legacy, internal and external, ConnectUPS SNMP cards. Testing with the
ConnectUPS and BestLink SNMP/Web Card has revealed that the card can, under
direct attack, cease to respond to further network requests. This resulting
behavior does not affect the operation of the underlying UPS. A firmware
patch will be available on the Powerware web site shortly
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.