Vulnerability Description
Various modems that do not implement a guard time, or are configured with a guard time of 0, can allow remote attackers to execute arbitrary modem commands such as ATH, ATH0, etc., via a "+++" sequence that appears in ICMP packets, the subject of an e-mail message, IRC commands, and others.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Logicode | Quicktel | 28.8 |
| Diamond | Supra | 33.6 |
| Us Robotics | Us Robotics | 33.6 |
References
- http://marc.info/?l=bugtraq&m=90695973308453&w=2
- http://www.macintouch.com/modemsecurity.htmlVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/3320
- http://marc.info/?l=bugtraq&m=90695973308453&w=2
- http://www.macintouch.com/modemsecurity.htmlVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/3320
FAQ
What is CVE-1999-1228?
CVE-1999-1228 is a vulnerability with a CVSS score of 7.5 (HIGH). Various modems that do not implement a guard time, or are configured with a guard time of 0, can allow remote attackers to execute arbitrary modem commands such as ATH, ATH0, etc., via a "+++" sequenc...
How severe is CVE-1999-1228?
CVE-1999-1228 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-1999-1228?
Check the references section above for vendor advisories and patch information. Affected products include: Logicode Quicktel, Diamond Supra, Us Robotics Us Robotics.