VAR-200402-0093
Vulnerability from variot - Updated: 2022-05-04 09:01Cisco ONS is a fiber optic network platform developed by CISCO. Cisco ONS has multiple vulnerabilities that can result in unauthorized access to the device, denial of service, or lock-in of the account and continued authentication. The Cisco ONS 15327, ONS 15454, ONS 15454 SDH, and ONS 15600 can be managed through XTC, TCC+/TCC2, TCCi/TCC2, and TSC control cards, which are typically isolated from the INTERNET and only connected to the local network environment. The following vulnerabilities exist: - CSCec17308/CSCec19124(tftp) The TFTP service uses UDP port 69 by default, allowing GET and PUT commands without any authentication. The client can connect to the fiber device and upload and download any user data. - CSCec17406 (port 1080) Cisco ONS 15327, ONS 15454 and ONS 15454 SDH hardware have ACK denial of service attacks on TCP 1080 ports, and TCP 1080 ports are used for network management to communicate with control cards. A ACK denial of service attack can result in a control card reset on a fiber optic device. - CSCec66884/CSCec71157 (SU access) By default, only superusers are allowed to telnet access to the VxWorks operating system. Due to this vulnerability, if the superuser account is disabled, locked and suspended, the VxWorks shell can still be logged in using the setup password
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200402-0093",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "no",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2004-0509"
}
]
},
"cve": "CAN-2004-0307",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "7d7f9cf1-463f-11e9-8f90-000c29342cb1",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "393fb73a-2038-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "IVD",
"id": "7d7f9cf1-463f-11e9-8f90-000c29342cb1",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "393fb73a-2038-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "7d7f9cf1-463f-11e9-8f90-000c29342cb1"
},
{
"db": "IVD",
"id": "393fb73a-2038-11e6-abef-000c29c66e3d"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco ONS is a fiber optic network platform developed by CISCO. Cisco ONS has multiple vulnerabilities that can result in unauthorized access to the device, denial of service, or lock-in of the account and continued authentication. The Cisco ONS 15327, ONS 15454, ONS 15454 SDH, and ONS 15600 can be managed through XTC, TCC+/TCC2, TCCi/TCC2, and TSC control cards, which are typically isolated from the INTERNET and only connected to the local network environment. The following vulnerabilities exist: - CSCec17308/CSCec19124(tftp) The TFTP service uses UDP port 69 by default, allowing GET and PUT commands without any authentication. The client can connect to the fiber device and upload and download any user data. - CSCec17406 (port 1080) Cisco ONS 15327, ONS 15454 and ONS 15454 SDH hardware have ACK denial of service attacks on TCP 1080 ports, and TCP 1080 ports are used for network management to communicate with control cards. A ACK denial of service attack can result in a control card reset on a fiber optic device. - CSCec66884/CSCec71157 (SU access) By default, only superusers are allowed to telnet access to the VxWorks operating system. Due to this vulnerability, if the superuser account is disabled, locked and suspended, the VxWorks shell can still be logged in using the setup password",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2004-0509"
},
{
"db": "IVD",
"id": "7d7f9cf1-463f-11e9-8f90-000c29342cb1"
},
{
"db": "IVD",
"id": "393fb73a-2038-11e6-abef-000c29c66e3d"
}
],
"trust": 0.9
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2004-0509",
"trust": 1.0
},
{
"db": "XF",
"id": "15265",
"trust": 0.6
},
{
"db": "NVD",
"id": "CAN-2004-0307",
"trust": 0.6
},
{
"db": "CNCVE",
"id": "CNCVE-20040307",
"trust": 0.6
},
{
"db": "BID",
"id": "9699",
"trust": 0.6
},
{
"db": "IVD",
"id": "7D7F9CF1-463F-11E9-8F90-000C29342CB1",
"trust": 0.2
},
{
"db": "IVD",
"id": "393FB73A-2038-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "7d7f9cf1-463f-11e9-8f90-000c29342cb1"
},
{
"db": "IVD",
"id": "393fb73a-2038-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2004-0509"
}
]
},
"id": "VAR-200402-0093",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "7d7f9cf1-463f-11e9-8f90-000c29342cb1"
},
{
"db": "IVD",
"id": "393fb73a-2038-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2004-0509"
}
],
"trust": 0.1
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"ICS"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.4
}
],
"sources": [
{
"db": "IVD",
"id": "7d7f9cf1-463f-11e9-8f90-000c29342cb1"
},
{
"db": "IVD",
"id": "393fb73a-2038-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2004-0509"
}
]
},
"last_update_date": "2022-05-04T09:01:24.904000Z",
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/9699"
},
{
"trust": 0.6,
"url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=can-2004-0307"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/15265"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2004-0509"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "7d7f9cf1-463f-11e9-8f90-000c29342cb1"
},
{
"db": "IVD",
"id": "393fb73a-2038-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2004-0509"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2004-02-19T00:00:00",
"db": "IVD",
"id": "7d7f9cf1-463f-11e9-8f90-000c29342cb1"
},
{
"date": "2004-02-19T00:00:00",
"db": "IVD",
"id": "393fb73a-2038-11e6-abef-000c29c66e3d"
},
{
"date": "2004-02-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2004-0509"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2004-02-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2004-0509"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CNVD-2004-0509",
"sources": [
{
"db": "IVD",
"id": "7d7f9cf1-463f-11e9-8f90-000c29342cb1"
},
{
"db": "IVD",
"id": "393fb73a-2038-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2004-0509"
}
],
"trust": 1.0
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "7d7f9cf1-463f-11e9-8f90-000c29342cb1"
}
],
"trust": 0.2
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…