Vulnerability Details CVE-2024-31977
Adtran 834-5 11.1.0.101-202106231430, and fixed as of SmartOS Version 12.6.3.1, devices allow OS Command Injection via shell metacharacters to the Ping or Traceroute utility.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 69.0%
CVSS Severity
CVSS v3 Score 8.8
References
- https://drive.proton.me/urls/GXDM5T5NSG#RHa0yVWSKyoz
- https://github.com/actuator/cve/blob/main/AdTran/CVE-2024-31977
- https://github.com/actuator/cve/tree/main/AdTran/834-5
- https://supportcommunity.adtran.com/t5/Security-Advisories/ADTSA-2024001-Multiple-vulnerabilities-in-Service-Delivery-Gateway-products/ta-p/39332
- https://drive.proton.me/urls/GXDM5T5NSG#RHa0yVWSKyoz
- https://github.com/actuator/cve/blob/main/AdTran/CVE-2024-31977
- https://github.com/actuator/cve/tree/main/AdTran/834-5
Products affected by CVE-2024-31977
-
cpe:2.3:h:adtran:834-5:-
-
cpe:2.3:o:adtran:834-5_firmware:11.1.0.101-202106231430
-
cpe:2.3:o:adtran:sdg_smartos:-
-
cpe:2.3:o:adtran:sdg_smartos:10.8.12.1
-
cpe:2.3:o:adtran:sdg_smartos:11.2.1.1
-
cpe:2.3:o:adtran:sdg_smartos:11.2.3.1
-
cpe:2.3:o:adtran:sdg_smartos:11.2.4.1
-
cpe:2.3:o:adtran:sdg_smartos:11.2.6.1
-
cpe:2.3:o:adtran:sdg_smartos:12.0.2.1
-
cpe:2.3:o:adtran:sdg_smartos:12.0.3.1
-
cpe:2.3:o:adtran:sdg_smartos:12.0.4.1
-
cpe:2.3:o:adtran:sdg_smartos:12.1.3.1
-
cpe:2.3:o:adtran:sdg_smartos:12.2.3.1
-
cpe:2.3:o:adtran:sdg_smartos:12.3.4.1
-
cpe:2.3:o:adtran:sdg_smartos:12.3.5.1
-
cpe:2.3:o:adtran:sdg_smartos:12.4.5.1
-
cpe:2.3:o:adtran:sdg_smartos:12.4.6.1
-
cpe:2.3:o:adtran:sdg_smartos:12.5.3.1