TippingPoint Zero Day Initiative

Arris Cadant C3 CMTS Remote DoS Vulnerability

ZDI-07-036: June 11th, 2007


Affected Vendors


Affected Products

    Cadant C3 CMTS

Vulnerability Details

This vulnerability allows remote attackers to cause a denial of service on vulnerable Arris Cadant C3 CMTS systems. Authentication is not required to exploit this vulnerability.

The flaw exists due to mishandling of IP options. When an unknown or bad option is specified, the C3 will terminate disabling all service that is handled by that CMTS. The vulnerability can be triggered with a single malformed IP packet.

Vendor Response

Arris has issued an update to correct this vulnerability. More details can be found at:

Disclosure Timeline

    2007-02-23 - Vulnerability reported to vendor
    2007-06-11 - Coordinated public release of advisory


This vulnerability was discovered by: