CVE-2024-28813 is a vulnerability identified in the Infinera hiT 7300 optical transport appliance, specifically in version 5.60.50. The issue stems from undocumented privileged functions within the @CT management application, which allow an attacker with high-level privileges to activate remote SSH access to the device via an unexpected network interface. This means that an attacker who already has some form of privileged access can enable SSH access remotely on interfaces not intended for management, potentially bypassing network segmentation or firewall rules. The vulnerability is classified under CWE-269 (Improper Privilege Management), indicating that the system fails to properly restrict privileged operations. The CVSS v3.1 base score is 8.4, with vector AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H, indicating that the attack requires adjacent network access, low attack complexity, high privileges, no user interaction, and results in a complete compromise of confidentiality, integrity, and availability with scope change. Although no public exploits are known at this time and no patches have been published, the presence of undocumented privileged functions suggests a design or implementation flaw that could be leveraged by insiders or attackers who have already breached perimeter defenses. The vulnerability could allow attackers to establish persistent, unauthorized remote access to critical network infrastructure, facilitating further attacks or espionage. Given the critical role of Infinera hiT 7300 in optical transport networks, exploitation could have severe consequences for telecommunications providers and their customers.

The impact of CVE-2024-28813 is significant for organizations relying on Infinera hiT 7300 appliances in their network infrastructure, particularly telecommunications providers and large enterprises with optical transport networks. Successful exploitation allows attackers with high privileges to enable remote SSH access on unexpected network interfaces, potentially bypassing network segmentation and exposing the device to remote compromise. This can lead to full control over the appliance, enabling attackers to intercept, manipulate, or disrupt network traffic, degrade service availability, and compromise sensitive data confidentiality and integrity. The vulnerability could facilitate lateral movement within a network and persistent access, increasing the risk of large-scale network outages or espionage. Since the device is critical infrastructure, exploitation could have cascading effects on dependent services and customers. The lack of patches and public exploits means organizations must proactively mitigate risk to prevent potential future attacks.

To mitigate CVE-2024-28813, organizations should immediately audit and restrict access to the @CT management application and any privileged functions within the Infinera hiT 7300 appliance. Network segmentation should be enforced to limit access to management interfaces strictly to trusted administrative hosts. Disable or restrict any undocumented or unnecessary privileged functions if possible. Monitor logs and network traffic for unusual SSH activation or connections on unexpected interfaces. Implement strict role-based access controls and multi-factor authentication for all privileged users to reduce the risk of insider threats or credential compromise. Regularly review and update firewall rules to block unauthorized access to network interfaces that should not accept SSH connections. Engage with Infinera support to obtain guidance on patches or firmware updates addressing this vulnerability and apply them promptly once available. Consider deploying network intrusion detection systems tuned to detect anomalous management activity. Finally, conduct security awareness training for administrators to recognize and report suspicious behavior related to device management.