Alcatel Lucent-7750 SR Default Account improper authentication
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 4.1 | $0-$5k | 0.00 |
Summary
A vulnerability has been found in Alcatel Lucent-7750 SR and classified as critical. Impacted is an unknown function of the component Default Account. Performing a manipulation results in improper authentication. Additionally, an exploit exists. It is recommended to add additional authentication.
Details
A vulnerability classified as critical has been found in Alcatel Lucent-7750 SR (the affected version unknown). This affects an unknown part of the component Default Account. The manipulation with an unknown input leads to a improper authentication vulnerability. CWE is classifying the issue as CWE-287. When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. This is going to have an impact on confidentiality, and integrity.
The weakness was released 12/12/2013 by Darius Freamon as Alcatel-Lucent 7750 SR Router Default Console Password as confirmed advisory (Website). It is possible to read the advisory at dariusfreamon.wordpress.com. The public release was coordinated with Alcatel. The advisory contains:
The Alcatel-Lucent 7750 SR Router has a default console password according to the manual. It isn’t clear if this default works for other services or is restricted to the console only. At the router prompt, enter the login and password. The default login is admin. The default password is admin.Technical details are unknown but a public exploit is available.
After immediately, there has been an exploit disclosed. It is declared as proof-of-concept.
It is possible to mitigate the problem by adding an authentication mechanism.
The vulnerability is also documented in the vulnerability database at OSVDB (101008†). Further details are available at dariusfreamon.wordpress.com. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Product
Vendor
Name
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 4.4VulDB Meta Temp Score: 4.1
VulDB Base Score: 4.4
VulDB Temp Score: 4.1
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: Improper authenticationCWE: CWE-287
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: No
Availability: 🔍
Access: Public
Status: Proof-of-Concept
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: AuthenticationStatus: 🔍
0-Day Time: 🔍
Exploit Delay Time: 🔍
Timeline
12/12/2013 🔍12/12/2013 🔍
12/16/2013 🔍
03/28/2019 🔍
Sources
Advisory: Alcatel-Lucent 7750 SR Router Default Console PasswordResearcher: Darius Freamon
Status: Confirmed
Coordinated: 🔍
GCVE (VulDB): GCVE-100-11511
OSVDB: 101008
Misc.: 🔍
Entry
Created: 12/16/2013 13:30Updated: 03/28/2019 14:24
Changes: 12/16/2013 13:30 (47), 03/28/2019 14:24 (1)
Complete: 🔍
Committer:
Cache ID: 216:9D8:103
No comments yet. Languages: en.
Please log in to comment.