PT-2019-9888 · Adtran · Adtran Pmaa
Published: 2019-03-27 · Updated: 2019-10-03 · CVE-2018-19648
CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
ADTRAN PMAA versions 1.6.2-1 through 1.6.4
Description
An issue was discovered that allows unprivileged users to create privileged users and execute arbitrary commands. This is achieved through the use of the diagnostic-profile over RESTCONF, due to a flaw in NETCONF Access Management (NACM).
Recommendations
For ADTRAN PMAA versions 1.6.2-1 through 1.6.4, consider restricting access to the diagnostic-profile over RESTCONF until a patch is available. As a temporary workaround, limit the creation of new users and monitor user activity closely to prevent potential exploitation.
Fix
Improper Privilege Management
Weakness Enumeration
Related Identifiers
Affected Products
Adtran Pmaa