Carrier Access Information for VU#854306

Multiple vulnerabilities in SNMPv1 request handling

Status

Affected

Vendor Statement

      Carrier Access has reviewed the  released CERT® Advisory CA-2002-03 related
      to security vulnerabilities that exist in network devices using SNMPv1 as the management
      protocol.

      There are no known format string or buffer overflow vulnerabilities. Denial
      of service (management) is a known vulnerability of Carrier Access products
      residing on non-secure networks. Specific testing and a review of test
      reports have revealed no SNMP V1 security issues.   Carrier Access has
      documented this finding in a Product Technical Note (PTN-02-003).  To
      receive a copy of this documentation, please contact Carrier Access customer
      support center at 1-800-786-9929 or email to "tech-support@carrieraccess.com"

      Recommended Actions for Network Security:
      . Review and implementation of accepted solutions outlined in section III
      (Solution) of CERT ® Advisory CA-2002-03
      . Filter of SNMP traffic at network access points
      . Use of proprietary SNMP Community Strings
      . Segregate/Filter Network Management traffic from public domains

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.