5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
The net-snmp packages provide various libraries and tools for the Simple Network Management Protocol (SNMP).One security vulnerability has been discovered in net-snmp used with IBM Security Network Protection.
CVE ID: CVE-2014-3565 **
DESCRIPTION:** Net-SNMP is vulnerable to a denial of service, caused by the improper handling of SNMP traps when started with the “-OQ” option. By sending an SNMP trap message containing a variable with a NULL type, a remote attacker could exploit this vulnerability to cause snmptrapd to crash.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/95638 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
IBM Security Network Protection 5.2
IBM Security Network Protection 5.3
Product
| VRMF| Remediation/First Fix
—|—|—
IBM Security Network Protection | Firmware version 5.2| Download 5.2.0.0-ISS-XGS-All-Models-Hotfix-FP0012 from IBM Fix Central and upload and install via the Fix Packs page of the Local Management Interface.
IBM Security Network Protection| Firmware version 5.3| Install Firmware 5.3.1.5 from the Available Updates page of the Local Management Interface, or by performing a One Time Scheduled Installation from SiteProtector.
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm security network protection | eq | 5.2.0 | |
ibm security network protection | eq | 5.3 |