There are a number of management objects defined in this MIB module
   with a MAX-ACCESS clause of read-write and/or read-create. read-write.  Such objects may be
   considered sensitive or vulnerable in some network environments.  The
   support for SET operations in a non-secure environment without proper
   protection opens devices to attack.  These are the tables and objects
   and their sensitivity/vulnerability:

    <list

   o  mvpnSPTunnelLimit

      The value of this object is used to control the tables and objects and state why they are sensitive> maximum number of
      selective provider tunnels that a PE allows for a particular MVPN.
      Access to this object may be abused to impact the performance of
      the PE or prevent the PE from having new selective provider
      tunnels.

   o  mvpnBgpCmcastRouteWithdrawalTimer

      The value of this object is used to control the delay for the
      advertisement of withdrawals of C-multicast routes.  Access to
      this object may be abused to impact the performance of a PE.

   o  mvpnBgpSrcSharedTreeJoinTimer
      The value of this object is used to control the delay for the
      advertisement of Source/Shared Tree Join C-multicast routes.
      Access to this object may be abused to impact the propagation of
      C-multicast routing information.

   o  mvpnBgpMsgRateLimit

      The value of this object is used to control the upper bound for
      the rate of BGP C-multicast routing information message exchange
      among PEs.  Access to this object may be abused to impact the
      performance of the PE or disrupt the C-multicast routing
      information message exchange using BGP.

   o  mvpnBgpMaxSpmsiAdRoutes

      The value of this object is used to control the upper bound for
      the number of S-PMSI A-D routes.  Access to this object may be
      abused to impact the performance of the PE or prevent the PE from
      receiving S-PMSI A-D routes.

   o  mvpnBgpMaxSpmsiAdRouteFreq

      The value of this object is used to control the upper bound for
      the frequency of S-PMSI A-D route generation.  Access to this
      object may be abused to impact the performance of the PE or
      prevent the PE from generating new S-PMSI A-D routes.

   o  mvpnBgpMaxSrcActiveAdRoutes

      The value of this object is used to control the upper bound for
      the number of Source Active A-D routes.  Access to this object may
      be abused to impact the performance of the PE or prevent the PE
      from receiving Source Active A-D routes.

   o  mvpnBgpMaxSrcActiveAdRouteFreq

      The value of this object is used to control the upper bound for
      the frequency of Source Active A-D route generation.  Access to
      this object may be abused to impact the performance of the PE or
      prevent the PE from generating new Source Active A-D routes.

   Some of the readable objects in this MIB module (e.g., objects with a
   MAX-ACCESS other than not-accessible) may be considered sensitive or
   vulnerable in some network environments.  This includes INDEX
   objects with a MAX-ACCESS of not-accessible, and any indices from
   other modules exposed via AUGMENTS.  It is thus important to
   control even GET and/or NOTIFY access to these objects and possibly
   to even encrypt the values of these objects when sending them over
   the network via SNMP.  These are the tables and objects and their
   sensitivity/vulnerability:

    <list the tables

   o  The address-related objects in this MIB module may have impact on
      privacy and security.  These objects may reveal the locations of
      senders and state why they are sensitive> recipients.

      *  mvpnPmsiTunnelPimGroupAddr

      *  mvpnSpmsiCmcastGroupAddr

      *  mvpnSpmsiCmcastSourceAddr

      *  mvpnAdvtPeerAddr

      *  mvpnMrouteCmcastGroupAddr

      *  mvpnMrouteCmcastSourceAddrs

      *  mvpnMrouteUpstreamNeighborAddr

      *  mvpnMrouteRtAddr

      *  mvpnMrouteNextHopGroupAddr

      *  mvpnMrouteNextHopSourceAddrs

      *  mvpnMrouteNextHopAddr

   SNMP versions prior to SNMPv3 did not include adequate security.
   Even if the network itself is secure (for example by using IPsec),
   there is no control as to who on the secure network is allowed to
   access and GET/SET (read/change/create/delete) the objects in this
   MIB module.

   Implementations SHOULD provide the security features described by the
   SNMPv3 framework (see [RFC3410]), and implementations claiming
   compliance to the SNMPv3 standard MUST include full support for
   authentication and privacy via the User-based Security Model (USM)
   [RFC3414] with the AES cipher algorithm [RFC3826].  Implementations
   MAY also provide support for the Transport Security Model (TSM)
   [RFC5591] in combination with a secure transport such as SSH
   [RFC5592] or TLS/DTLS [RFC6353].

   Further, deployment of SNMP versions prior to SNMPv3 is NOT
   RECOMMENDED.  Instead, it is RECOMMENDED to deploy SNMPv3 and to
   enable cryptographic security.  It is then a customer/operator
   responsibility to ensure that the SNMP entity giving access to an
   instance of this MIB module is properly configured to give access to
   the objects only to those principals (users) that have legitimate
   rights to indeed GET or SET (change/create/delete) them.