Arris Cadant C3 CMTS Remote DoS VulnerabilityZDI-07-036: June 11th, 2007
Cadant C3 CMTS
This vulnerability allows remote attackers to cause a denial of service on vulnerable Arris Cadant C3 CMTS systems. Authentication is not required to exploit this vulnerability.
The flaw exists due to mishandling of IP options. When an unknown or bad option is specified, the C3 will terminate disabling all service that is handled by that CMTS. The vulnerability can be triggered with a single malformed IP packet.
Vendor ResponseArris has issued an update to correct this vulnerability. More details can be found at:
2007-02-23 - Vulnerability reported to vendor
2007-06-11 - Coordinated public release of advisory
CreditThis vulnerability was discovered by: