Monday, 4 September 2017

On 00:49 by Unknown in    No comments
A vulnerability, which was classified as critical, was found in AT&T U-verse up to 9.2.2h0d83 on NVG589/NVG599. This affects an unknown function of the component IP Passthrough Mode. The manipulation as part of a TCP Connection leads to a weak authentication vulnerability. CWE is classifying the issue as CWE-287. This is going to have an impact on confidentiality, integrity, and availability.

The weakness was published 09/03/2017. This vulnerability is uniquely identified as CVE-2017-14117 since 09/03/2017. It is possible to initiate the attack remotely. No form of authentication is needed for exploitation. The technical details are unknown and an exploit is not publicly available. The pricing for an exploit might be around USD $0-$5k at the moment (estimation calculated on 09/04/2017).

It is possible to mitigate the weakness by firewalling tcp/49152.

CVSSv3

VulDB Base Score7.3
VulDB Temp Score7.1
VulDB VectorCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:W/RC:X
VulDB Reliability: High

CVSSv2

VectorComplexityAuthenticationConfidentialityIntegrityAvailability
LocalHighMultipleNoneNoneNone
AdjacentMediumSinglePartialPartialPartial
NetworkLowNoneCompleteCompleteComplete
VulDB Base Score6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
VulDB Temp Score6.5 (CVSS2#E:ND/RL:W/RC:ND)
VulDB Reliability: High

CPE

  • cpe:/a:at&t:u-verse:9.2.2h0d83

Exploiting

Class: Weak authentication (CWE-287)
Local: No
Remote: Yes

Availability: No

Price Prediction: steady
Current Price Estimation

0-Day$0-$5k$5k-$25k$25k-$100k$100k-$500k
Today$0-$5k$5k-$25k$25k-$100k$100k-$500k


Countermeasures

Recommended: Firewall
Status: Workaround
0-Day Time: 0 days since found

Firewalling: tcp/49152

Timeline

09/03/2017   Advisory disclosed
09/03/2017  +0 days CVE assigned
09/04/2017  +1 days VulDB entry created
09/04/2017  +0 days VulDB last update

Sources

CVE: CVE-2017-14117 (mitre.org) (nvd.nist.org) (cvedetails.com)

0 comments:

Post a Comment