PT-2017-17151 · Sagemcom · Livebox 3

Published

2017-03-09

Updated

2019-10-03

CVE-2017-6552

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Livebox 3 Sagemcom SG30 sip-fr version 5.15.8.1

Description The issue is related to an insufficiently large default value for the maximum IPv6 routing table size, which can be filled within minutes. An attacker can exploit this to render the system unresponsive, resulting in a denial-of-service condition for telephone, Internet, and TV services.

Recommendations For Livebox 3 Sagemcom SG30 sip-fr version 5.15.8.1, consider increasing the default value for the maximum IPv6 routing table size to prevent it from being filled and causing a denial-of-service condition. As a temporary workaround, restrict access to the IPv6 routing table to minimize the risk of exploitation.

Exploit

Fix

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-400

Related Identifiers

CVE-2017-6552

Affected Products

Livebox 3

PT-2017-17151 · Sagemcom · Livebox 3

CVE-2017-6552

Weakness Enumeration

Related Identifiers

Affected Products

References · 5