CVE-2019-19148

moderate-risk
Published 2020-03-20

Tellabs Optical Line Terminal (OLT) 1150 devices allow Remote Command Execution via the -l option to TELNET or SSH. Tellabs has addressed this issue in the SR30.1 and SR31.1 release on February 18, 2020.

Do I need to act?

~
8.6% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (1)

Optical Line Terminal 1150 Firmware

Affected Vendors

Tellabs

References (4)

https://docs.tellabs.com/articles/#%21vulnerability-response/cve-2019-19148
Exploit https://github.com/ellwoodthewood/tellabs_rce
https://docs.tellabs.com/articles/#%21vulnerability-response/cve-2019-19148
Exploit https://github.com/ellwoodthewood/tellabs_rce
47
/ 100
moderate-risk
Severity 32/34 · Critical
Exploitability 10/34 · Low
Exposure 5/34 · Minimal