SonicWALL INC. Information for VU#854306
Multiple vulnerabilities in SNMPv1 request handling
SonicWALL has tested its products in response to CERTŪ Advisory
CA-2002-03 "Multiple Vulnerabilities in Many Implementations of the
Simple Network Management Protocol (SNMP)," SonicWALL's has found NO
evidence of any SNMP vulnerabilities in any SonicWALL Firewall/VPN
appliance or Red Creek 3VPN appliances. No updates are required to
maintain the integrity of these products.
SonicWALL acknowledges the potential of SNMP vulnerabilities in its SSL
offloader products and is currently working to address any potential
security issues. However, exposure to vulnerability is extremely low due
to the nature of the typical SSL Offloader network configuration.
Because the SSL Offloader is located within a secure network
environment, rather than at the network perimeter, the only opportunity
for attack would be internal. Customers can eliminate the risk by
temporarily disabling the SNMP sub-system.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.