ITouch Communications Information for VU#107186

Multiple vulnerabilities in SNMPv1 trap handling



Vendor Statement

      iTouch Communications has confirmed that the following tests failed
      (software crash) in the MX and InReach Series run-time image
      Xpcsrv20.sys version  6.3 and NEMC_IR.SYS version 3.0 and earlier:

          1. APP tests, 10545 and 10549
          2. ENC tests 878,7643,7686,7687,7688,13358 & 13486

      These issues were fixed in Xpcsrv20.sys version 6.3s15 and
      NEMC_IR.SYS version 3.0s1 and now  they are fully compliant with the
      SNMP vulnerability CERT tests.

      Customers requesting software updates or more information may
      contact iTouch Communications at 800-435-7997 (domestic) and 978-952-4888
      (International) and select the Customer Service option.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References



The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.