CVE-2024-28093
📋 TL;DR
The TELNET service on AdTran NetVanta 3120 devices is enabled by default with root-level default credentials, allowing attackers to gain administrative access. This affects all users of NetVanta 3120 devices running version 18.01.01.00.E who haven't changed the default credentials.
💻 Affected Systems
- AdTran NetVanta 3120
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete device compromise leading to network infiltration, data exfiltration, or use as a pivot point for lateral movement.
Likely Case
Unauthorized administrative access to the device enabling configuration changes, service disruption, or credential harvesting.
If Mitigated
Limited to unsuccessful authentication attempts if credentials are changed and TELNET is disabled.
🎯 Exploit Status
Exploitation requires knowledge of the default credentials, which are publicly documented. The attack itself is a simple TELNET connection using those credentials.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: N/A
Vendor Advisory: https://supportcommunity.adtran.com/t5/NetVanta-Product-Notices/2019-Q2-NetVanta-3120-3130-EOL/ta-p/35715
Restart Required: No
Instructions:
No official patch available as device is End-of-Life. Follow workarounds and mitigation steps.
🔧 Temporary Workarounds
Disable TELNET service
Turn off the TELNET service to prevent remote access via this protocol.
telnet-server disable
Change default credentials
Modify the default root password to a strong, unique password.
configure terminal
username root password <new_strong_password>
🧯 If You Can't Patch
- Network segmentation: Isolate NetVanta devices in a separate VLAN with strict access controls.
- Implement network access control lists (ACLs) to block TELNET traffic (TCP port 23) from untrusted networks.
🔍 How to Verify
Check if Vulnerable:
Attempt TELNET connection to device port 23 using default credentials (check vendor documentation for specifics).
Check Version:
show version
Verify Fix Applied:
Verify TELNET service is disabled via device configuration and test connection attempts fail. Confirm password change by attempting login with old credentials.
📡 Detection & Monitoring
Log Indicators:
- Failed or successful TELNET authentication attempts from unusual IPs
- Configuration changes via TELNET sessions
Network Indicators:
- TELNET traffic (TCP/23) to NetVanta devices
- Brute-force attempts on port 23
SIEM Query:
destination_port:23 AND (event_type:authentication_failure OR event_type:authentication_success) AND device_vendor:AdTran
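The log and network indicators above can be combined into one detection pass. The following is an added example, not code from the advisory or the vendor: the device inventory, management subnet, thresholds, log line layout and sample events are all assumptions constructed for illustration; only the event_type values are taken from the query above.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumed for this example: device inventory, management subnet, thresholds.
NETVANTA_DEVICES = {ip_address("192.0.2.10"), ip_address("192.0.2.11")}
MGMT_NETS = [ip_network("10.20.0.0/24")]
BRUTE_THRESHOLD, BRUTE_WINDOW = 5, timedelta(minutes=2)

# Constructed sample events: time, source, destination, destination port, event_type.
SAMPLE_EVENTS = """\
2024-03-01T10:00:00 10.20.0.5 192.0.2.10 23 authentication_success
2024-03-01T10:01:00 10.20.0.5 192.0.2.10 22 authentication_success
2024-03-01T10:02:00 198.51.100.9 192.0.2.50 23 authentication_failure
2024-03-01T10:05:00 203.0.113.7 192.0.2.10 23 authentication_failure
2024-03-01T10:05:10 203.0.113.7 192.0.2.10 23 authentication_failure
2024-03-01T10:05:20 203.0.113.7 192.0.2.10 23 authentication_failure
2024-03-01T10:05:30 203.0.113.7 192.0.2.10 23 authentication_failure
2024-03-01T10:05:40 203.0.113.7 192.0.2.10 23 authentication_failure
2024-03-01T10:05:50 203.0.113.7 192.0.2.10 23 authentication_success
"""

def detect(text):
    """Return (alert_type, source, destination) tuples for TELNET events."""
    alerts, seen_untrusted, failures = [], set(), defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port, event = line.split()
        ts, src, dst = datetime.fromisoformat(ts), ip_address(src), ip_address(dst)
        if int(port) != 23 or dst not in NETVANTA_DEVICES:
            continue  # only TELNET (TCP/23) to inventoried NetVanta devices
        key = (str(src), str(dst))
        # Indicator: TELNET authentication from outside the management subnet.
        if not any(src in net for net in MGMT_NETS) and key not in seen_untrusted:
            seen_untrusted.add(key)
            alerts.append(("untrusted_source", *key))
        # Keep only failures that fall inside the sliding window.
        recent = [t for t in failures[key] if ts - t <= BRUTE_WINDOW]
        if event == "authentication_failure":
            recent.append(ts)
            if len(recent) == BRUTE_THRESHOLD:  # alert once, when threshold is hit
                alerts.append(("brute_force", *key))
        elif event == "authentication_success" and recent:
            alerts.append(("success_after_failures", *key))
        failures[key] = recent
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

A success that follows recent failures is the highest-priority alert of the three, since it suggests a login was eventually accepted.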
🔗 References
- https://github.com/actuator/cve/blob/main/AdTran/CVE-2024-28093
- https://github.com/actuator/cve/blob/main/AdTran/CWE-287
- https://supportcommunity.adtran.com/t5/NetVanta-Product-Notices/2019-Q2-NetVanta-3120-3130-EOL/ta-p/35715