
ADTSA-2021001: SmartOS 10.x Vulnerability


Description


ADTRAN has recently discovered that some installations of products running SmartOS version 10.x are vulnerable to compromise by a remote attacker if configured in an insecure manner. The latest assessment of these products indicates that devices which are configured with unfiltered HTTP/HTTPS enabled on the WAN are susceptible to attack.

The investigation is ongoing and future updates will be provided here.


Affected Products


Product Family | Severity | Notes
SR400, SR905 | Critical |

Mitigating Factors & Recommended Actions


Product Family | Mitigating Factors | Recommended Actions
SR400, SR905 | Installations that do not have HTTP/HTTPS WAN access enabled are not remotely exploitable. | Disable HTTP/HTTPS WAN access using these instructions.

If you believe your product may have been compromised, please contact ADTRAN Product Support for additional assistance.


Resolution


Product Family | Resolution
SR400, SR905 | Upgrade to SmartOS 10.8.9.1 and disable unfiltered WAN management access. SmartOS 10.8.9.1 includes a fix to prevent arbitrary code execution by an authenticated GUI user as well as additional security hardening.
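
The following is an added example, not part of the ADTRAN advisory: a triage pass over a device inventory that applies both conditions from the Resolution (fixed release and WAN management disabled). The CSV layout, host names, the wan_http_mgmt column and the non-affected model name are constructed for illustration, and it assumes that any 10.x release below 10.8.9.1 lacks the fix.

```python
import csv
import io

AFFECTED_MODELS = {"SR400", "SR905"}   # product families listed in the advisory
FIXED = (10, 8, 9, 1)                  # SmartOS 10.8.9.1, per the Resolution

# Constructed sample inventory; the column names are assumptions.
SAMPLE_INVENTORY = """\
host,model,smartos,wan_http_mgmt
cpe-001,SR400,10.5.2.1,yes
cpe-002,SR905,10.8.9.1,yes
cpe-003,SR400,10.7.0,no
cpe-004,SR905,10.8.9.1,no
cpe-005,SR400,unknown,no
cpe-006,OTHER-CPE,9.4.1,yes
"""

def parse_version(text):
    """Return a tuple of ints, or None when the string is not dotted-numeric."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def triage(row):
    """Classify one inventory row into an action bucket."""
    if row["model"].strip().upper() not in AFFECTED_MODELS:
        return "out-of-scope"
    version = parse_version(row["smartos"])
    if version is None:
        return "verify-version"          # cannot decide from inventory data
    if version[0] != 10:
        return "out-of-scope"            # the advisory covers SmartOS 10.x only
    wan = row["wan_http_mgmt"].strip().lower() == "yes"
    # Pad short versions so 10.7.0 compares correctly against 10.8.9.1.
    padded = version + (0,) * (len(FIXED) - len(version))
    needs_upgrade = padded < FIXED
    if needs_upgrade and wan:
        return "urgent: disable WAN HTTP/HTTPS, then upgrade"
    if needs_upgrade:
        return "upgrade"
    if wan:
        return "disable WAN HTTP/HTTPS"  # fixed release, still exposed on WAN
    return "ok"

def triage_inventory(csv_text):
    """Map each host in the CSV text to its action bucket."""
    return {r["host"]: triage(r) for r in csv.DictReader(io.StringIO(csv_text))}
```

Calling triage_inventory(SAMPLE_INVENTORY) returns one action per host; a device on 10.8.9.1 that still has WAN management enabled is flagged rather than reported as clean.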

Revision History


Revision | Date | Changes
B | 2021-06-07 | Updated the resolution.
A | 2021-04-27 | Initial release.
Last update: 06-07-2021 12:30 PM