|
| TC: | 12033 | |
| Description: | The Alcatel Speed Touch family of ADSL-Ethernet router/bridge products exhibits several serious security flaws. Some Alcatel ADSL-Ethernet bridge products feature an embedded TFTP server which can be used by remote users to make changes to configuration and firmware. Normally, the TFTP service in such a device would not be accessible from the WAN. In this case, however, the interface is available to both extranet users and attackers local to the copper loop on which the DSL connection is carried. Since TFTP provides no support for user authentication, this leaves the device's administration interface and firmware upload feature completely open to any attacker. Moreover, user-supplied firmware code transferred to the router/bridge is not checked for authenticity, and an attacker may exploit the open TFTP interface to install malicious code on the device. No method is available for disabling the vulnerable TFTP service. Only the Speed Touch Pro is vulnerable to remote changes to firmware code and configuration settings, and this model can be made secure from such interference by the activation of an inbuilt security feature disabling remote access from the WAN/DSL interface. | |
| TC Impact: | Gather Info | |
| Service: | tftp |
| Vulnerability Publication: | April 10, 2001 | |
| Advisory Copyright: | Tsutomu Shimomura. | |
| Summary: | A remote attacker can dangerously compromise your network and data transfer. | |
| Risk: | High | |
| CVSS 2.0 metrics: | Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete | |
| CVSS 2.0 Base Score: | 10 |
| Vulnerability Impact: |
Gather Info |
|---|
| Host Impact: | Several attacks are possible leading to remote code execution. | |
| Nature of Remediation: | Update the software. Apply configuration correction. |
| Step required to fix the reported vulnerability: | |
***** Solution type: Update Configuration ***** Workaround: Configuring the security of your Alcatel Speed Touch Pro modem: Setup a telnet connection to your modem. Telnet address is 10.0.0.138 Consult your Operation System manual on how to setup a telnet connection. Type "Enter" at the User Name prompt Wait for the next prompt and then type the following: => ip config The information on you firmware protection feature is given in the second line of the response If it is "ON", your modem has the security features activated and you have nothing to worry about. If it is "OFF", you are vulnerable to the attacks. You can adjust the security settings as follows: => ip config firewalling on => config save |
| References: | ||
| * BUGTRAQ: 20010410 multiple vulnerabilities in Alcatel Speed Touch DSL modems http://www.securityfocus.com/archive/1/175229 * CERT: CA-2001-08 http://www.cert.org/advisories/CA-2001-08.html * CERT-VN: VU#490344 http://www.kb.cert.org/vuls/id/490344 * BID: 2566 http://www.securityfocus.com/bid/2566 * XF: alcatel-tftp-lan-access(6336) http://xforce.iss.net/xforce/xfdb/6336 * MISC: http://online.securityfocus.com/archive/1/179205 * MISC: http://www.alcatel.com/consumer/dsl/prodpro.htm |
| CVE Link: |
CVE-2001-1426 |
 |
|---|
| Glossary: |
Remote Command Execution Remote Reconfiguration |
|---|