Yes, I believe you are correct that this CVE is not patched in ScreenOS current releases.
SNMPv3 uses VACM to define the access allowed on the device. In ScreenOS you map the desired community with the configured ip restrictions to the VACM you create in SNMPv3.
The process is laid out in the ScreenOS Concepts and examples guide Administration section.