Radware Information for VU#107186
Multiple vulnerabilities in SNMPv1 trap handling
Radware has assessed its SNMP based products against the vulnerabilities identified in CERT Advisory CA-2002-03. The following table identifies by product the currently available software maintenance releases that include the fix for the SNMP vulnerabilities:
|Product||Release (HW Platforms)|
|WSD||6.18.02 (H, C)|
7.10.08 (AS2, AS1, H, C)
7.20.02 (AS1, H)
7.21.02 (AS2, AS1)
|CSD||3.30.02 (AS2, AS1)|
3.40.01 (AS2, AS1)
|FP||2.20.09 (AS1, H, C)|
|LP||3.20.09 (AS1, H, C)|
|CertainT 100||2.20.00 (Model A, Model B)|
Radware customers can download this software from the following link:
Radware Channel Partners can download this software from the following link:
For upgrades within the same feature release, e.g. WSD 7.10.07 to WSD 7.10.08, software passwords are not needed.
For upgrades to a new feature release, e.g. WSD 7.10.07 to WSD 7.21.02, a software password is needed and can be obtained by contacting Radware technical support at firstname.lastname@example.org. The unit must be covered by an active support agreement to obtain a password for a feature release upgrade. Additional requirements, e.g. minimum Boot ROM software version, may exist. Software upgrade instructions can be found at the following link:
Anyone who does not have access to the restricted areas of the Radware web site or has any other questions regarding these maintenance releases and the upgrade process, can contact Radware Technical Support at email@example.com for assistance.
At all times, Radware recommends taking the following standard security precautions:
- Disable all remote management access through all unnecessary interfaces using the SNMP or Management Ports Table feature, depending on the specific software release in use.
- If possible, limit all remote management access to a physically separate port that is connected to a secure management segment.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.