CVE-2017-14117 — MEDIUM (5.9)

Vulnerability Description

The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589 and NVG599 devices, when IP Passthrough mode is not used, configures an unauthenticated proxy service on WAN TCP port 49152, which allows remote attackers to establish arbitrary TCP connections to intranet hosts by sending \x2a\xce\x01 followed by other predictable values.

CVSS Score

5.9

MEDIUM

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Att	U-Verse Firmware	9.2.2h0d83
Commscope	Arris Nvg589	-
Commscope	Arris Nvg599	-

Related Weaknesses (CWE)

CWE-287

References

http://www.securityfocus.com/bid/100585Third Party AdvisoryVDB Entry
https://threatpost.com/bugs-in-arris-modems-distributed-by-att-vulnerable-to-triThird Party Advisory
https://www.nomotion.net/blog/sharknatto/ExploitMitigationTechnical Description
http://www.securityfocus.com/bid/100585Third Party AdvisoryVDB Entry
https://threatpost.com/bugs-in-arris-modems-distributed-by-att-vulnerable-to-triThird Party Advisory
https://www.nomotion.net/blog/sharknatto/ExploitMitigationTechnical Description

FAQ

What is CVE-2017-14117?

CVE-2017-14117 is a vulnerability with a CVSS score of 5.9 (MEDIUM). The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589 and NVG599 devices, when IP Passthrough mode is not used, configures an unauthenticated proxy service on WAN TCP port 49152, which allows remo...

How severe is CVE-2017-14117?

CVE-2017-14117 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-14117?

Check the references section above for vendor advisories and patch information. Affected products include: Att U-Verse Firmware, Commscope Arris Nvg589, Commscope Arris Nvg599.