CVE-2024-31970 – This vulnerability allows attackers to gain roo... (How to Fix)

Q: What is the severity of CVE-2024-31970?

CVE-2024-31970 has a CVSS score of 8.8 (HIGH). This vulnerability allows attackers to gain root-level access to AdTran SRG 834-5 devices during initial setup when SSH is enabled with default admin/admin credentials. Affected systems are AdTran SRG 834-5 devices running SmartOS 11.1.1.1, though the vendor disputes the exploitability from WAN interfaces.

📋 TL;DR

This vulnerability allows attackers to gain root-level access to AdTran SRG 834-5 devices during initial setup when SSH is enabled with default admin/admin credentials. Affected systems are AdTran SRG 834-5 devices running SmartOS 11.1.1.1, though the vendor disputes the exploitability from WAN interfaces.

💻 Affected Systems

Products:

AdTran SRG 834-5 HDC17600021F1

Versions: SmartOS 11.1.1.1 (test build 11.1.0.101-202106231430 mentioned but disputed)

Operating Systems: SmartOS

Default Config Vulnerable: ⚠️ Yes

Notes: Vendor disputes that vulnerable builds were ever released to end users. SSH must be enabled during setup window.

📦 What is this software?

Sdg Smartos by Adtran

View all CVEs affecting Sdg Smartos →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise allowing attackers to execute arbitrary commands, modify configurations, intercept traffic, or use the device as a pivot point into the network.

🟠

Likely Case

Unauthorized administrative access leading to configuration changes, service disruption, or credential harvesting from connected systems.

🟢

If Mitigated

Limited to internal network access attempts that fail due to proper credential management and network segmentation.

🌐 Internet-Facing: LOW (vendor disputes WAN accessibility, but if SSH is exposed, risk becomes HIGH)

🏢 Internal Only: HIGH (default credentials with root access during setup window)

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires SSH access and knowledge of default credentials during setup window. Authentication is required but uses default credentials.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: SmartOS Version 12.1.3.1

Vendor Advisory: https://supportcommunity.adtran.com/t5/Security-Advisories/ADTSA-2024001-Multiple-vulnerabilities-in-Service-Delivery-Gateway-products/ta-p/39332

Restart Required: Yes

Instructions:

1. Download SmartOS Version 12.1.3.1 from AdTran support portal. 2. Backup current configuration. 3. Upload and apply the firmware update through the web interface or CLI. 4. Reboot the device. 5. Verify the update completed successfully.

🔧 Temporary Workarounds

Change Default Credentials Immediately

all

Change admin password during initial setup before exposing device to network

configure terminal
username admin password <new_strong_password>
write memory

Disable SSH or Restrict Access

all

Disable SSH if not needed or restrict to management network

configure terminal
no ip ssh server
write memory

🧯 If You Can't Patch

Ensure SSH is not exposed to untrusted networks and restrict to management VLAN
Implement strong password policy and change default credentials immediately after setup

🔍 How to Verify

Check if Vulnerable:

Check if device is running SmartOS 11.1.1.1 and SSH is enabled with default admin/admin credentials

Check Version:

show version

Verify Fix Applied:

Verify device shows SmartOS Version 12.1.3.1 and SSH uses non-default credentials

📡 Detection & Monitoring

Log Indicators:

Failed SSH login attempts with admin username
Successful SSH logins from unexpected sources
Configuration changes during initial setup period

Network Indicators:

SSH connection attempts to device on port 22 from unauthorized sources
Unusual outbound connections from the device

SIEM Query:

source="adtran_srg" AND (event="ssh_login" AND user="admin") OR (event="config_change" AND phase="setup")

📊 Metadata

CVE ID: CVE-2024-31970

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-863

Published: July 24, 2024

Last Updated: November 21, 2024

🔗 References

https://github.com/actuator/cve/blob/main/AdTran/CVE-2024-31970 Third Party Advisory
https://github.com/actuator/cve/blob/main/AdTran/SRG-834-5 Broken Link
https://supportcommunity.adtran.com/t5/Security-Advisories/ADTSA-2024001-Multiple-vulnerabilities-in-Service-Delivery-Gateway-products/ta-p/39332
https://github.com/actuator/cve/blob/main/AdTran/CVE-2024-31970 Third Party Advisory
https://github.com/actuator/cve/blob/main/AdTran/SRG-834-5 Broken Link

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-31970, you might also want to check these: