Alcatel-Lucent Home Device Manager Spoofing

2015.11.04
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

##################################################################################
#
# SWISSCOM CSIRT ADVISORY - https://www.swisscom.ch/en/about/sustainability/digital-switzerland/security.html
#
##################################################################################
#
# CVE ID:  CVE-2015-6498
# Product: Home Device Manager
# Vendor:  Alcatel-Lucent
# Subject: Code vulnerability, remotely exploitable
# Finder:  Dr. Ulrich Fiedler and his team at BFH-TI Biel/Bienne
# Coord:   Philippe Cuany (csirt _at_ swisscom.com)
# Date:    Nov 02nd 2015
#
##################################################################################

Description
-----------
A vulnerability has been discovered in the TR069 protocol that can potentially affect all Automatic Configuration Servers (ACS). The issue has been fixed in the Home Device Manager (HDM) product from Alcatel-Lucent with an anti-spoofing filter.

HDM allows service providers to remotely manage CPEs, such as residential gateways, IP set-top boxes, and VoIP terminal adapters, that comprise a home networking environment.

Product
-------
Alcatel-Lucent Home Device Manager versions prior to 4.1.10 may be affected unless they have filtering in place (already provided by Alcatel-Lucent as a customer-specific extension) or other additional authorization checks.

Vulnerability
-------------
The vulnerability allows an attacker to perform impersonation attacks by spoofing a CPE using the TR-069 (CWMP) protocol. An attacker could gain unauthorized access to third-party SIP credentials for the spoofed device and perform illegal activities (phone fraud).

The vulnerability has been tested and confirmed.

Remediation
-----------
Update to Home Device Manager version 4.1.10 (or higher) or 4.2.2 (or higher) and activate the anti-spoofing filters, if no customer-specific filter or authorization check is already in place.

Acknowledgments
---------------
Dr. Ulrich Fiedler and his team at BFH-TI Biel/Bienne for the discovery and notification about the vulnerability.

Milestones
----------
Jul 13th 2015  Details about the vulnerability are communicated to Swisscom
Jul 14th 2015  HDM anti-spoofing filter available
Aug 13th 2015  CVE ID requested at MITRE
Aug 18th 2015  CVE ID 2015-6498 assigned by MITRE
Nov 02nd 2015  Public Release of Advisory



Copyright 2024, cxsecurity.com

 
