Equinox Systems Information for VU#107186

Multiple vulnerabilities in SNMPv1 trap handling



Vendor Statement

      This is in reference to the CERT Advisory CA-2002-03 addressing
      potential security vulnerabilities that exist in network devices
      using SNMPv1 as the management protocol.  Equinox has determined that
      exploitation of these vulnerabilities may interfere with normal
      operation of our ESP serial hub through malicious use of the
      management interfaces provided for its Equiview Plus application.  We
      are evaluating the impact on the ESP and will release appropriate
      fixes if necessary.  In the interim, Equinox recommends the following
      mitigation procedures.

      In most network environments, firewalls are deployed to prohibit
      externally originating SNMP traffic and both detect and prevent
      Denial of Service attacks.  Since the ESP does not currently allow
      for disabling of SNMP, it is recommended that this device be operated
      in a secure environment in conjunction with the following SNMP
      network security safeguards:

      1.    Filter SNMP access to managed devices to ensure the traffic
      originates from known management systems
      2.    Use upstream firewall/access lists to deny access to the SNMP
      agents accessible on the network
      3.    Use access profiles to deny SNMP access to unknown users
      4.    Use dedicated management VLANs or out-of-band management to
      contain SNMP traffic and multicasts
      5.    Change the default community strings

      Equinox will continue to address potential security problems across
      its product line and provide patches as circumstances dictate.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References



The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.