Description
US Robotics/3Com Total Control Chassis with Frame Relay between 3.6.22 and 3.7.24 does not properly enforce access filters when the "set host prompt" setting is made for a port, which allows attackers to bypass restrictions by providing the hostname twice at the "host: " prompt.
Product(s):
- 3Com Total Control NetServer Card
- 3Com Total Control NETServer Card
- 3Com Total Control NETServer Card 3.7.24
Question to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-1999-1389, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-1999-1389 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.