Security Advisory-Overflow Vulnerabilities in SNMPv3

2013-04-25T00:00:00
ID HUAWEI-SA-20130425-02
Type huawei
Reporter Huawei Technologies
Modified 2015-11-23T00:00:00

Description

Simple Network Management Protocol version 3(SNMPv3) is provided by Huawei for network and device management. While the SNMPv3 is enable on some Huawei products, attackers can crash the vulnerable equipment by sending malformed SNMPv3 messages, and make a denial of service (DoS) attack to vulnerable equipment remotely. (Vulnerability ID: HWNSIRT-2013-0427) These vulnerabilities were first reported by Roberto Paleari of Emaze Networks S.p.A. Huawei would like to thank Roberto Paleari and Emaze Networks S.p.A for reporting these issues and for working with us to help protect the security of our customers. Huawei has released software updates to fix this vulnerability. This advisory is available at the following link: http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-260601.htm