SonicWALL INC. Information for VU#107186

Multiple vulnerabilities in SNMPv1 trap handling



Vendor Statement

      SonicWALL has tested its products in response to CERTŪ Advisory
      CA-2002-03 "Multiple Vulnerabilities in Many Implementations of the
      Simple Network Management Protocol (SNMP)," SonicWALL's has found NO
      evidence of any SNMP vulnerabilities in any SonicWALL Firewall/VPN
      appliance or Red Creek 3VPN appliances. No updates are required to
      maintain the integrity of these products.

      SonicWALL acknowledges the potential of SNMP vulnerabilities in its SSL
      offloader products and is currently working to address any potential
      security issues. However, exposure to vulnerability is extremely low due
      to the nature of the typical SSL Offloader network configuration.
      Because the SSL Offloader is located within a secure network
      environment, rather than at the network perimeter, the only opportunity
      for attack would be internal. Customers can eliminate the risk by
      temporarily disabling the SNMP sub-system.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References



The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.