Lucene search

[email protected]NVD:CVE-2024-31977

HistoryJul 24, 2024 - 3:15 p.m.

CVE-2024-31977

2024-07-2415:15:11

CWE-78

[email protected]

web.nvd.nist.gov

adtran 834-5

os command injection

ping

traceroute

smartos version 12.5.5.1

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

27.8%

JSON

Adtran 834-5 11.1.0.101-202106231430, and fixed as of SmartOS Version 12.6.3.1, devices allow OS Command Injection via shell metacharacters to the Ping or Traceroute utility.

Affected configurations

Nvd

Node

adtransdg_smartosRange<12.5.5.1

Node

adtran834-5_firmwareMatch11.1.0.101-202106231430

AND

adtran834-5Match-

VendorProductVersionCPE
adtransdg_smartos*cpe:2.3:o:adtran:sdg_smartos:*:*:*:*:*:*:*:*
adtran834-5_firmware11.1.0.101-202106231430cpe:2.3:o:adtran:834-5_firmware:11.1.0.101-202106231430:*:*:*:*:*:*:*
adtran834-5-cpe:2.3:h:adtran:834-5:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
adtran	sdg_smartos	*	cpe:2.3:o:adtran:sdg_smartos::::::::
adtran	834-5_firmware	11.1.0.101-202106231430	cpe:2.3:o:adtran:834-5_firmware:11.1.0.101-202106231430:::::::*
adtran	834-5	-	cpe:2.3:h:adtran:834-5:-:::::::*

References

drive.proton.me/urls/GXDM5T5NSG#RHa0yVWSKyoz

github.com/actuator/cve/blob/main/AdTran/CVE-2024-31977

github.com/actuator/cve/tree/main/AdTran/834-5

supportcommunity.adtran.com/t5/Security-Advisories/ADTSA-2024001-Multiple-vulnerabilities-in-Service-Delivery-Gateway-products/ta-p/39332

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

27.8%

JSON

Related for NVD:CVE-2024-31977

vulnrichment1 cvelist1 cve1 githubexploit1