Title: APC Telnet Administration Denial of Service Vulnerability
Severity: MODERATE
Description:
Symmetra is an Uninterruptable Power Supply manufactured by American Power Conversation Corporation (APC). Symmetra supports network options that allow a remote administrator to access the system via telnet, and gather information from the power supply via SNMP.
The Symmetra system is similar in features to other APC products, supporting network availability for configuration, administration, and status reporting. Therefore, this problem may affect other APC UPS systems as well as the Symmetra.
A problem in the network code of the firmware may allow a remote denial of service attack, preventing administrative access to the power supply. This is due to the handling of telnet sessions by the firmware. By design, the firmware permits only one telnet connection to the system, rather than the conventional fork() of a process to a different socket, and continued listening on port 23 for other incoming connections.
In addition to restricted telnet access, the system also times out all telnet connections after three failures, leaving the system unaccessible for a period between 1 and 10 minutes.
This makes the system vulnerable to a denial of service attack, thus perventing administrative access to the power supply for the duration of the attack.
Affected Products:
- APC WEB/SNMP Management Card (9606) Firmware 3.0.0
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
