Details of VAR-200303-0049

ID

VAR-200303-0049

CVE

CVE-2002-1554

TITLE

Cisco ONS15454/ONS15327 Optical fiber transmission platform plaintext verification information vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200303-108

DESCRIPTION

Cisco ONS15454 and ONS15327 running ONS before 3.4 stores usernames and passwords in cleartext in the image database for the TCC, TCC+ or XTC, which could allow attackers to gain privileges by obtaining the passwords from the image database or a backup. An attacker with access to the backup of the running image database may trivially retrieve these credentials. Cisco ONS15454 and Cisco ONS15327 are fiber optic network platforms developed by CISCO. Cisco ONS15454 and Cisco ONS15327 devices store user names and passwords in clear text in the backup database. Remote attackers can use this vulnerability to obtain relevant user authentication information, such as administrator passwords, and use these information to access and fully control the Cisco ONS system platform. The CISCO BUG ID of this vulnerability is: CSCdt84146 < *Link: http://www.cisco.com/warp/public/707/ons-multiple-vuln-pub.shtml* >

Trust: 1.26

sources: NVD: CVE-2002-1554 // BID: 6078 // VULHUB: VHN-5939

AFFECTED PRODUCTS

vendor:	cisco	model:	optical networking systems software	scope:	eq	version:	3.2.0	Trust: 1.0
vendor:	cisco	model:	optical networking systems software	scope:	eq	version:	3.3.0	Trust: 1.0
vendor:	cisco	model:	optical networking systems software	scope:	eq	version:	3.0	Trust: 1.0
vendor:	cisco	model:	optical networking systems software	scope:	eq	version:	3.1.0	Trust: 1.0
vendor:	cisco	model:	optical networking systems software	scope:	eq	version:	3.2	Trust: 1.0
vendor:	cisco	model:	ons 15327	scope:	eq	version:	3.1	Trust: 0.6
vendor:	cisco	model:	ons 15454 optical transport platform	scope:	eq	version:	3.2.0	Trust: 0.6
vendor:	cisco	model:	ons 15327	scope:	eq	version:	3.2	Trust: 0.6
vendor:	cisco	model:	ons 15454 optical transport platform	scope:	eq	version:	3.1.0	Trust: 0.6
vendor:	cisco	model:	ons 15454 optical transport platform	scope:	eq	version:	3.0	Trust: 0.6
vendor:	cisco	model:	ons 15454 optical transport platform	scope:	eq	version:	3.3	Trust: 0.6
vendor:	cisco	model:	ons 15327	scope:	eq	version:	3.0	Trust: 0.6
vendor:	cisco	model:	ons 15327	scope:	eq	version:	3.3	Trust: 0.6
vendor:	cisco	model:	ons optical transport platform	scope:	eq	version:	154543.3	Trust: 0.3
vendor:	cisco	model:	ons optical transport platform	scope:	eq	version:	154543.2.0	Trust: 0.3
vendor:	cisco	model:	ons optical transport platform	scope:	eq	version:	154543.1.0	Trust: 0.3
vendor:	cisco	model:	ons optical transport platform	scope:	eq	version:	154543.0	Trust: 0.3
vendor:	cisco	model:	ons	scope:	eq	version:	153273.3	Trust: 0.3
vendor:	cisco	model:	ons	scope:	eq	version:	153273.2	Trust: 0.3
vendor:	cisco	model:	ons	scope:	eq	version:	153273.1	Trust: 0.3
vendor:	cisco	model:	ons	scope:	eq	version:	153273.0	Trust: 0.3
vendor:	cisco	model:	ons optical transport platform	scope:	ne	version:	154543.4	Trust: 0.3
vendor:	cisco	model:	ons	scope:	ne	version:	153273.4	Trust: 0.3

sources: BID: 6078 // CNNVD: CNNVD-200303-108 // NVD: CVE-2002-1554

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2002-1554
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200303-108
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-5939
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2002-1554
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-5939
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-5939 // CNNVD: CNNVD-200303-108 // NVD: CVE-2002-1554

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2002-1554

THREAT TYPE

local

Trust: 0.9

sources: BID: 6078 // CNNVD: CNNVD-200303-108

TYPE

Design Error

Trust: 0.9

sources: BID: 6078 // CNNVD: CNNVD-200303-108

EXTERNAL IDS

db:	BID	id:	6078	Trust: 2.0
db:	NVD	id:	CVE-2002-1554	Trust: 2.0
db:	CNNVD	id:	CNNVD-200303-108	Trust: 0.7
db:	CISCO	id:	20021031 CISCO ONS15454 AND CISCO ONS15327 VULNERABILITIES	Trust: 0.6
db:	XF	id:	10506	Trust: 0.6
db:	VULHUB	id:	VHN-5939	Trust: 0.1

sources: VULHUB: VHN-5939 // BID: 6078 // CNNVD: CNNVD-200303-108 // NVD: CVE-2002-1554

REFERENCES

url:	http://www.securityfocus.com/bid/6078	Trust: 1.7
url:	http://www.cisco.com/warp/public/707/ons-multiple-vuln-pub.shtml	Trust: 1.7
url:	http://www.iss.net/security_center/static/10506.php	Trust: 1.7

sources: VULHUB: VHN-5939 // CNNVD: CNNVD-200303-108 // NVD: CVE-2002-1554

CREDITS

This issue was reported in a Cisco Security Advisory.

Trust: 0.3

sources: BID: 6078

SOURCES

db:	VULHUB	id:	VHN-5939
db:	BID	id:	6078
db:	CNNVD	id:	CNNVD-200303-108
db:	NVD	id:	CVE-2002-1554

LAST UPDATE DATE

2024-08-14T13:40:27.746000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-5939	date:	2018-10-30T00:00:00
db:	BID	id:	6078	date:	2009-07-11T18:06:00
db:	CNNVD	id:	CNNVD-200303-108	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2002-1554	date:	2018-10-30T16:26:17.187

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-5939	date:	2003-03-31T00:00:00
db:	BID	id:	6078	date:	2002-10-31T00:00:00
db:	CNNVD	id:	CNNVD-200303-108	date:	2002-10-31T00:00:00
db:	NVD	id:	CVE-2002-1554	date:	2003-03-31T05:00:00