Powerware Corporation Information for VU#107186

Multiple vulnerabilities in SNMPv1 trap handling



Vendor Statement

      Powerware Corporation notice regarding CERT SNMP Vulnerability Announcement
      and popular Powerware Connectivity Devices

      Most  customers  operate  firewalls  that block externally originating SNMP
      traffic,  and  further, detect and prevent Denial of Service attacks. It is
      these devices that constitute a main focal point of SNMP concern since they
      represent the vanguard of your network.

      Based  upon  SNMP  blocking  and  ingress/egress  filtering,  any  possible
      potential  security  vulnerability  may only be exploited by users who have
      access to your local security domain, therefore the risk is diminished.

      Testing has revealed the following:

      Powerware, to date, knows of no SNMP-related security issues with its
      legacy, internal and external, ConnectUPS SNMP cards. Testing with the
      ConnectUPS and BestLink SNMP/Web Card has revealed that the card can, under
      direct attack, cease to respond to further network requests. This resulting
      behavior does not affect the operation of the underlying UPS. A firmware
      patch will be available on the Powerware web site shortly

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References



The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.