Carrier Access Information for VU#107186

Multiple vulnerabilities in SNMPv1 trap handling



Vendor Statement

      Carrier Access has reviewed the  released CERT® Advisory CA-2002-03 related
      to security vulnerabilities that exist in network devices using SNMPv1 as the management

      There are no known format string or buffer overflow vulnerabilities. Denial
      of service (management) is a known vulnerability of Carrier Access products
      residing on non-secure networks. Specific testing and a review of test
      reports have revealed no SNMP V1 security issues.   Carrier Access has
      documented this finding in a Product Technical Note (PTN-02-003).  To
      receive a copy of this documentation, please contact Carrier Access customer
      support center at 1-800-786-9929 or email to ""

      Recommended Actions for Network Security:
      . Review and implementation of accepted solutions outlined in section III
      (Solution) of CERT ® Advisory CA-2002-03
      . Filter of SNMP traffic at network access points
      . Use of proprietary SNMP Community Strings
      . Segregate/Filter Network Management traffic from public domains

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References



The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.