CVE-2021-25681
Published: 2021-04-20
Priority: P2 · 62 · high · 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EXPLOIT
EPSS: 13.42% (95.9th percentile)
AdTran Personal Phone Manager 10.8.1 software is vulnerable to an issue that allows for exfiltration of data over DNS. This could allow for exposed AdTran Personal Phone Manager web servers to be used as DNS redirectors to tunnel arbitrary data over DNS. NOTE: The affected appliances NetVanta 7060 and NetVanta 7100 are considered End of Life and as such this issue will not be patched.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| adtran | personal_phone_manager | — | — |
Detection & IOCs (extracted from sources)
- Detect HTTP GET requests to the AdTran Personal Phone Manager server where the Host header does not match the GET request URI (i.e., the GET line references an external/attacker-controlled domain), which is the trigger for arbitrary DNS resolution and tunneling.
- Monitor AdTran Personal Phone Manager (NetVanta 7060/7100) servers for outbound DNS queries to domains not matching the application's own namespace — especially queries triggered by inbound HTTP requests with mismatched Host vs. GET-line URIs, which indicates DNS tunneling/C2 redirection abuse.
- Look for HTTP requests to AdTran Personal Phone Manager with Cache-Control: no-cache, no-transform and Pragma: no-cache headers combined with an external domain in the request line — this matches the PoC exploit pattern.
- The vulnerability affects only AdTran Personal Phone Manager v10.8.1 running on NetVanta 7060 and NetVanta 7100 appliances, both of which are End of Life (software support ended June 2018, product EOL December 2020). No patch will be issued by AdTran.
- Exploitation requires the AdTran Personal Phone Manager web server to be exposed/reachable by the attacker. Restricting external access to the management interface reduces attack surface.
- Mitigation guidance from the researcher is to reconfigure the server to not perform arbitrary DNS lookups when Host/GET requests do not match, and to scope requests only within the application context — however, since the product is EOL, vendor-supported remediation is unavailable.
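The Host/request-line mismatch check from the first and third detection items can be run over captured request heads (proxy or IDS capture). This is an added example, not code from the advisory or the researcher; the function names and the two sample requests (using reserved example domains) are constructed for illustration.

```python
from urllib.parse import urlsplit

def parse_request(raw: str):
    """Split a raw HTTP/1.x request head into (method, target, headers)."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    lines = [l for l in head.split("\n") if l.strip()]
    parts = lines[0].split(" ") if lines else []
    if len(parts) != 3:
        raise ValueError("malformed request line")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return parts[0], parts[1], headers

def host_only(authority: str) -> str:
    """Lower-cased hostname without port or trailing dot."""
    return (urlsplit("//" + authority).hostname or "").rstrip(".")

def assess(raw: str) -> dict:
    """Flag GET requests whose absolute-form target names a host other than Host."""
    method, target, headers = parse_request(raw)
    host_hdr = host_only(headers.get("host", ""))
    # Only absolute-form targets (scheme://host/...) carry their own authority.
    target_host = (urlsplit(target).hostname or "").rstrip(".")
    mismatch = method == "GET" and bool(target_host) and target_host != host_hdr
    # Secondary signal: the header pair the page associates with the PoC.
    cache = headers.get("cache-control", "").replace(" ", "").lower()
    poc = cache == "no-cache,no-transform" and headers.get("pragma", "").lower() == "no-cache"
    return {"mismatch": mismatch, "poc_headers": mismatch and poc,
            "target_host": target_host, "host_header": host_hdr}

# Constructed samples: ppm.example.org stands in for the appliance,
# lookup.example.net for a domain outside the application's namespace.
SUSPECT = ("GET http://lookup.example.net/ HTTP/1.1\r\n"
           "Host: ppm.example.org\r\n"
           "Cache-Control: no-cache, no-transform\r\n"
           "Pragma: no-cache\r\n\r\n")
NORMAL = ("GET /index.html HTTP/1.1\r\n"
          "Host: ppm.example.org\r\n\r\n")

if __name__ == "__main__":
    for name, req in (("suspect", SUSPECT), ("normal", NORMAL)):
        print(name, assess(req))
```

Correlating flagged requests with outbound DNS queries from the same appliance for `target_host` covers the second detection item.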
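CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| vendor_cisco | | 8.1 | HIGH | |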
GHSA
ghsa_unreviewed·2022-05-24
CVE-2021-25681 [HIGH] GHSA-rmmm-93q6-jw8j: ** UNSUPPORTED WHEN ASSIGNED ** AdTran Personal Phone Manager 10
** UNSUPPORTED WHEN ASSIGNED ** AdTran Personal Phone Manager 10.8.1 software is vulnerable to an issue that allows for exfiltration of data over DNS. This could allow for exposed AdTran Personal Phone Manager web servers to be used as DNS redirectors to tunnel arbitrary data over DNS. NOTE: The affected appliances NetVanta 7060 and NetVanta 7100 are considered End of Life and as such this issue will not be patched.
Cisco
Multiple Vulnerabilities in dnsmasq DNS Forwarder Affecting Cisco Products: January 2021
vendor_cisco·2021-01-19·CVSS 8.1
CVE-2020-25681 [HIGH] CWE-340 Multiple Vulnerabilities in dnsmasq DNS Forwarder Affecting Cisco Products: January 2021
A set of previously unknown vulnerabilities in the DNS forwarder implementation of dnsmasq were disclosed on January 19, 2021. The vulnerabilities are collectively known as DNSpooq.
Exploitation of these vulnerabilities could result in remote code execution or denial of service (DoS), or may allow an attacker to more easily forge DNS answers that can poison DNS caches, depending on the specific vulnerability.
Multiple Cisco products are affected by these vulnerabilities.
Cisco will release software updates that address these vulnerabilities. Any workarounds for a specific Cisco product or service will be documented in the relevant Cisco bugs, which are identified in the Vulnerable Products section of
CVSS: 3.1
CWE: CWE-340
Bug IDs: CSCvv83232, CSCvw00918, CSCvx17339
- http://adtran.com
- http://packetstormsecurity.com/files/162280/Adtran-Personal-Phone-Manager-10.8.1-DNS-Exfiltration.html
- https://github.com/3ndG4me/AdTran-Personal-Phone-Manager-Vulns/blob/main/CVE-2021-25681.md