CVE Radar Logo
CVERadar
CVE Radar Logo
CVERadar

CVE-2024-31977

Critical Severity
Adtran
SVRS
77/100
CVSSv3
8.8/10
EPSS
0.00698/1

CVE-2024-31977 allows for OS Command Injection in Adtran devices. Attackers can inject malicious commands via the Ping or Traceroute utility using shell metacharacters. This vulnerability affects Adtran 834-5 devices with firmware version 11.1.0.101-202106231430 and is fixed in SmartOS Version 12.6.3.1. With a CVSS score of 8.8 and a SOCRadar Vulnerability Risk Score (SVRS) of 77, this vulnerability poses a significant risk, nearing critical levels requiring prompt review. Successful exploitation could enable unauthorized access and control over the affected system. Although the SVRS isn't above 80, the high CVSS and SVRS scores indicate a serious vulnerability needing immediate patching to prevent potential cyberattacks. The command injection flaw makes the devices susceptible to remote code execution, impacting confidentiality, integrity, and availability.

TAGS
No tags available
VECTOR STRING
CVSS:3.1
AV:N
AC:L
PR:L
UI:N
S:U
C:H
I:H
A:H
PUBLICATION DATE2024-07-24
LAST MODIFIED2024-09-03

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence
Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.
CREATE FREE ACCOUNT
CVE Details
Access comprehensive CVE information instantly
Real-time Tracking
Subscribe to CVEs and get instant updates
Exploit Analysis
Monitor related APT groups and threats
IOC Tracking
Analyze and track CVE-related IOCs

News

No news found for this CVE

Social Media

CVE-2024-31977 OS Command Injection in Adtran 834-5 Devices (Fixed in SmartOS 12.5.5.1) Adtran 834-5 11.1.0.101-202106231430, fixed in SmartOS Version 12.5.5.1, has an OS Command Injection vulnerability. This iss... https://t.co/1254KqADSu
0
0
0

Affected Software

Configuration 1
TypeVendorProduct
OSAdtransdg_smartos
Configuration 2
TypeVendorProduct
OSAdtran834-5_firmware

References

ReferenceLink
[email protected]https://drive.proton.me/urls/GXDM5T5NSG#RHa0yVWSKyoz
[email protected]https://github.com/actuator/cve/blob/main/AdTran/CVE-2024-31977
[email protected]https://github.com/actuator/cve/tree/main/AdTran/834-5
[email protected]https://drive.proton.me/urls/GXDM5T5NSG#RHa0yVWSKyoz
[email protected]https://github.com/actuator/cve/blob/main/AdTran/CVE-2024-31977
[email protected]https://github.com/actuator/cve/tree/main/AdTran/834-5
[email protected]https://supportcommunity.adtran.com/t5/Security-Advisories/ADTSA-2024001-Multiple-vulnerabilities-in-Service-Delivery-Gateway-products/ta-p/39332

CWE Details

CWE IDCWE NameDescription
CWE-78Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence