CVE-2023-38120
Adtran SR400ac ping Command Injection Remote Code Execution Vulnerability
Vexday Risk Score
21Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 8.8EPSS 3.2%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
03 may 2024Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
Adtran SR400ac ping Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adtran SR400ac routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific flaw exists within the ping command, which is available over JSON-RPC. A crafted host parameter can trigger execution of a system call composed from a user-supplied string. An attacker can leverage this vulnerability to execute code in the context of root.
. Was ZDI-CAN-20525.
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Productos afectados
Adtran · SR400ac¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →