Описание
The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589 and NVG599 devices, when IP Passthrough mode is not used, configures ssh-permanent-enable WAN SSH logins to the remotessh account with the 5SaP9I26 password, which allows remote attackers to access a "Terminal shell v1.0" service, and subsequently obtain unrestricted root privileges, by establishing an SSH session and then entering certain shell metacharacters and BusyBox commands.
Ссылки
- Third Party AdvisoryVDB Entry
- https://threatpost.com/bugs-in-arris-modems-distributed-by-att-vulnerable-to-trivial-attacks/127753/Third Party Advisory
- ExploitMitigationTechnical DescriptionThird Party Advisory
- Third Party AdvisoryVDB Entry
- https://threatpost.com/bugs-in-arris-modems-distributed-by-att-vulnerable-to-trivial-attacks/127753/Third Party Advisory
- ExploitMitigationTechnical DescriptionThird Party Advisory
Уязвимые конфигурации
Одновременно
Одно из
EPSS
8.1 High
CVSS3
9.3 Critical
CVSS2
Дефекты
Связанные уязвимости
The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589 and NVG599 devices, when IP Passthrough mode is not used, configures ssh-permanent-enable WAN SSH logins to the remotessh account with the 5SaP9I26 password, which allows remote attackers to access a "Terminal shell v1.0" service, and subsequently obtain unrestricted root privileges, by establishing an SSH session and then entering certain shell metacharacters and BusyBox commands.
EPSS
8.1 High
CVSS3
9.3 Critical
CVSS2