J-Security Center

Title: 3Com OfficeConnect ADSL Router Port Address Translation Access Control Bypassing Vulnerability

Severity: HIGH

Description:

OfficeConnect ADSL routers are a hardware and switch solution distributed by 3Com.

A problem with the router could make it possible for remote users to gain unauthorized access to systems. The problem is in the handling of port address translation.

Port Address Translation (PAT) is functionality built into an OfficeConnect router to allow redirection of some traffic. PAT works by taking connections to specific ports on an OfficeConnect router, and redirecting them to a system behind the router, specified in the firmware configuration.

Under some circumstances, it may be possible for a remote user to gain unauthorized access to information systems behind a 3Com OfficeConnect router. The OfficeConnect does not properly handle PAT, and may allow a remote attacker to connect to arbitrary ports on a system behind a PAT rule.

An attacker connecting to a PAT port will be routed to the system behind the PAT rule. If a further connection to a different port is attempted immediately after the PAT connection, the router will relay that connection to the corresponding port on the system with which the PAT connection exists.

This could give an attacker unauthorized access to a system, and could additionally result in the compromise of insecure systems.

It has been reported that this issue results when iPAT/iNAT is enabled.
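
From behind the router, the behaviour described above shows up as inbound external connections to ports that no PAT rule forwards. The following Python detection sketch is an added example, not part of the original advisory or of any 3Com tooling; the log format, addresses, PAT rule and 5-second window are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumed setup: LAN range and the ports the router is configured to forward.
LAN = ip_network("192.168.1.0/24")
PAT_RULES = {"192.168.1.10": {80}}
# "Immediately after" is not quantified in the advisory; 5 s is an assumption.
WINDOW = timedelta(seconds=5)

# Constructed inbound connection records captured behind the router:
# ISO timestamp, source IP, destination IP, destination port.
SAMPLE_LOG = """\
2024-01-01T10:00:00 203.0.113.7 192.168.1.10 80
2024-01-01T10:00:01 203.0.113.7 192.168.1.10 23
2024-01-01T10:00:30 198.51.100.4 192.168.1.10 80
2024-01-01T10:05:00 203.0.113.7 192.168.1.10 445
2024-01-01T10:06:00 192.168.1.20 192.168.1.10 22
"""

def find_pat_bypass(log_text, rules=PAT_RULES, window=WINDOW):
    """Return (src, dst, port, followed_pat) for each external connection
    that reached a host behind a PAT rule on a port the rule does not forward."""
    last_pat = {}   # (src, dst) -> time of the last connection to a forwarded port
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed records
        ts = datetime.fromisoformat(fields[0])
        src, dst, port = fields[1], fields[2], int(fields[3])
        if dst not in rules or ip_address(src) in LAN:
            continue  # only external traffic to hosts behind a PAT rule matters
        if port in rules[dst]:
            last_pat[(src, dst)] = ts  # legitimate PAT connection
            continue
        seen = last_pat.get((src, dst))
        # True when the connection closely follows a PAT connection from the
        # same source, which is the pattern the advisory describes.
        followed = seen is not None and ts - seen <= window
        findings.append((src, dst, port, followed))
    return findings

if __name__ == "__main__":
    for finding in find_pat_bypass(SAMPLE_LOG):
        print(finding)
```

Any finding means the router relayed traffic it should have dropped; the final flag separates connections that match the advisory's timing pattern from other unexpected exposure.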

Affected Products:

  • 3Com OfficeConnect DSL Router 812 1.1.7
  • 3Com OfficeConnect DSL Router 812 1.1.9
