Home | FAQ | Contact | Privacy Policy
US-CERT
Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information
 

 View Notes By
Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric

 Other Documents
Technical Alerts

Technical Bulletins

Alerts

Security Tips

Carrier Access Information for VU#854306

Date Notified
Date Modified11/07/2007 01:31:30 PM
Status SummaryVulnerable

Vendor Statement

      Carrier Access has reviewed the  released CERT® Advisory CA-2002-03 related
      to security vulnerabilities that exist in network devices using SNMPv1 as the management
      protocol.

      There are no known format string or buffer overflow vulnerabilities. Denial
      of service (management) is a known vulnerability of Carrier Access products
      residing on non-secure networks. Specific testing and a review of test
      reports have revealed no SNMP V1 security issues.   Carrier Access has
      documented this finding in a Product Technical Note (PTN-02-003).  To
      receive a copy of this documentation, please contact Carrier Access customer
      support center at 1-800-786-9929 or email to "tech-support@carrieraccess.com"

      Recommended Actions for Network Security:
      . Review and implementation of accepted solutions outlined in section III
      (Solution) of CERT ® Advisory CA-2002-03
      . Filter of SNMP traffic at network access points
      . Use of proprietary SNMP Community Strings
      . Segregate/Filter Network Management traffic from public domains

US-CERT Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

Produced 2008 by US-CERT, a government organization
Disclaimers and copyright information