Description
Various modems that do not implement a guard time, or are configured with a guard time of 0, can allow remote attackers to execute arbitrary modem commands such as ATH, ATH0, etc., via a "+++" sequence that appears in ICMP packets, the subject of an e-mail message, IRC commands, and others.
Product(s):
- Logicode Quicktel 28.8
- Diamond Supra 33.6 Modem
- Diamond Supra V.90 Modem
- US Robotics 33.6
Question to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-1999-1228, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-1999-1228 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.