Details of VAR-200303-0048

ID

VAR-200303-0048

CVE

CVE-2002-1553

TITLE

Cisco ONS15454/ONS15327 Optical fiber transmission platform is not authorized FTP Access vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200303-084

DESCRIPTION

Cisco ONS15454 and ONS15327 running ONS before 3.4 allows remote attackers to modify the system configuration and delete files by establishing an FTP connection to the TCC, TCC+ or XTC using a username and password that does not exist. It is possible for attackers to authenticate to FTP services on TCC, TCC+ and XTC control cards using a non-existent username/password. Unauthorized FTP access will enable an attacker to upload modified configuration files or delete software images. To exploit this issue, the attacker must be able to access the FTP services on TCC, TCC+ and XTC control cards. Cisco ONS15454 and Cisco ONS15327 are fiber optic network platforms developed by CISCO. There is a flaw in the FTP service implementation of Cisco ONS15454 and Cisco ONS15327 devices. The CISCO BUG ID of this vulnerability is: CSCds52295 < *Link: http://www.cisco.com/warp/public/707/ons-multiple-vuln-pub.shtml* >

Trust: 1.26

sources: NVD: CVE-2002-1553 // BID: 6076 // VULHUB: VHN-5938

AFFECTED PRODUCTS

vendor:	cisco	model:	optical networking systems software	scope:	eq	version:	3.2.0	Trust: 1.0
vendor:	cisco	model:	optical networking systems software	scope:	eq	version:	3.3.0	Trust: 1.0
vendor:	cisco	model:	optical networking systems software	scope:	eq	version:	3.0	Trust: 1.0
vendor:	cisco	model:	optical networking systems software	scope:	eq	version:	3.1.0	Trust: 1.0
vendor:	cisco	model:	optical networking systems software	scope:	eq	version:	3.2	Trust: 1.0
vendor:	cisco	model:	ons 15327	scope:	eq	version:	3.1	Trust: 0.6
vendor:	cisco	model:	ons 15454 optical transport platform	scope:	eq	version:	3.2.0	Trust: 0.6
vendor:	cisco	model:	ons 15327	scope:	eq	version:	3.2	Trust: 0.6
vendor:	cisco	model:	ons 15454 optical transport platform	scope:	eq	version:	3.1.0	Trust: 0.6
vendor:	cisco	model:	ons 15454 optical transport platform	scope:	eq	version:	3.0	Trust: 0.6
vendor:	cisco	model:	ons 15454 optical transport platform	scope:	eq	version:	3.3	Trust: 0.6
vendor:	cisco	model:	ons 15327	scope:	eq	version:	3.0	Trust: 0.6
vendor:	cisco	model:	ons 15327	scope:	eq	version:	3.3	Trust: 0.6
vendor:	cisco	model:	ons optical transport platform	scope:	eq	version:	154543.3	Trust: 0.3
vendor:	cisco	model:	ons optical transport platform	scope:	eq	version:	154543.2.0	Trust: 0.3
vendor:	cisco	model:	ons optical transport platform	scope:	eq	version:	154543.1.0	Trust: 0.3
vendor:	cisco	model:	ons optical transport platform	scope:	eq	version:	154543.0	Trust: 0.3
vendor:	cisco	model:	ons	scope:	eq	version:	153273.3	Trust: 0.3
vendor:	cisco	model:	ons	scope:	eq	version:	153273.2	Trust: 0.3
vendor:	cisco	model:	ons	scope:	eq	version:	153273.1	Trust: 0.3
vendor:	cisco	model:	ons	scope:	eq	version:	153273.0	Trust: 0.3
vendor:	cisco	model:	ons optical transport platform	scope:	ne	version:	154543.4	Trust: 0.3
vendor:	cisco	model:	ons	scope:	ne	version:	153273.4	Trust: 0.3

sources: BID: 6076 // CNNVD: CNNVD-200303-084 // NVD: CVE-2002-1553

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2002-1553
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-200303-084
value:	HIGH
Trust: 0.6
VULHUB:	VHN-5938
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2002-1553
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-5938
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-5938 // CNNVD: CNNVD-200303-084 // NVD: CVE-2002-1553

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2002-1553

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200303-084

TYPE

access verification error

Trust: 0.6

sources: CNNVD: CNNVD-200303-084

EXTERNAL IDS

db:	NVD	id:	CVE-2002-1553	Trust: 2.0
db:	BID	id:	6076	Trust: 2.0
db:	CNNVD	id:	CNNVD-200303-084	Trust: 0.7
db:	CISCO	id:	20021031 CISCO ONS15454 AND CISCO ONS15327 VULNERABILITIES	Trust: 0.6
db:	XF	id:	10505	Trust: 0.6
db:	VULHUB	id:	VHN-5938	Trust: 0.1

sources: VULHUB: VHN-5938 // BID: 6076 // CNNVD: CNNVD-200303-084 // NVD: CVE-2002-1553

REFERENCES

url:	http://www.securityfocus.com/bid/6076	Trust: 1.7
url:	http://www.cisco.com/warp/public/707/ons-multiple-vuln-pub.shtml	Trust: 1.7
url:	http://www.iss.net/security_center/static/10505.php	Trust: 1.7

sources: VULHUB: VHN-5938 // CNNVD: CNNVD-200303-084 // NVD: CVE-2002-1553

CREDITS

This issue was reported in a Cisco Security Advisory.

Trust: 0.3

sources: BID: 6076

SOURCES

db:	VULHUB	id:	VHN-5938
db:	BID	id:	6076
db:	CNNVD	id:	CNNVD-200303-084
db:	NVD	id:	CVE-2002-1553

LAST UPDATE DATE

2024-08-14T13:40:27.720000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-5938	date:	2018-10-30T00:00:00
db:	BID	id:	6076	date:	2009-07-11T18:06:00
db:	CNNVD	id:	CNNVD-200303-084	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2002-1553	date:	2018-10-30T16:26:17.187

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-5938	date:	2003-03-31T00:00:00
db:	BID	id:	6076	date:	2002-10-31T00:00:00
db:	CNNVD	id:	CNNVD-200303-084	date:	2002-10-31T00:00:00
db:	NVD	id:	CVE-2002-1553	date:	2003-03-31T05:00:00