Carrier Access Information for VU#107186
Multiple vulnerabilities in SNMPv1 trap handling
Carrier Access has reviewed the released CERT® Advisory CA-2002-03 related
to security vulnerabilities that exist in network devices using SNMPv1 as the management
There are no known format string or buffer overflow vulnerabilities. Denial
of service (management) is a known vulnerability of Carrier Access products
residing on non-secure networks. Specific testing and a review of test
reports have revealed no SNMP V1 security issues. Carrier Access has
documented this finding in a Product Technical Note (PTN-02-003). To
receive a copy of this documentation, please contact Carrier Access customer
support center at 1-800-786-9929 or email to "firstname.lastname@example.org"
Recommended Actions for Network Security:
. Review and implementation of accepted solutions outlined in section III
(Solution) of CERT ® Advisory CA-2002-03
. Filter of SNMP traffic at network access points
. Use of proprietary SNMP Community Strings
. Segregate/Filter Network Management traffic from public domains
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.