Details of VAR-200303-0050

ID

VAR-200303-0050

CVE

CVE-2002-1555

TITLE

Cisco ONS15454/ONS15327 Optical fiber transmission platform SNMP Community string vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200303-105

DESCRIPTION

Cisco ONS15454 and ONS15327 running ONS before 3.4 uses a "public" SNMP community string that cannot be changed, which allows remote attackers to obtain sensitive information. Cisco ONS15454 and Cisco ONS15327 are fiber optic network platforms developed by CISCO. The CISCO BUG ID of this vulnerability is: CSCdv62307 <* link: http://www.cisco.com/warp/public/707/ons-multiple-vuln-pub.shtml *>

Trust: 1.26

sources: NVD: CVE-2002-1555 // BID: 6081 // VULHUB: VHN-5940

AFFECTED PRODUCTS

vendor:	cisco	model:	optical networking systems software	scope:	eq	version:	3.2.0	Trust: 1.0
vendor:	cisco	model:	optical networking systems software	scope:	eq	version:	3.3.0	Trust: 1.0
vendor:	cisco	model:	optical networking systems software	scope:	eq	version:	3.0	Trust: 1.0
vendor:	cisco	model:	optical networking systems software	scope:	eq	version:	3.1.0	Trust: 1.0
vendor:	cisco	model:	optical networking systems software	scope:	eq	version:	3.2	Trust: 1.0
vendor:	cisco	model:	ons 15327	scope:	eq	version:	3.1	Trust: 0.6
vendor:	cisco	model:	ons 15454 optical transport platform	scope:	eq	version:	3.2.0	Trust: 0.6
vendor:	cisco	model:	ons 15327	scope:	eq	version:	3.2	Trust: 0.6
vendor:	cisco	model:	ons 15454 optical transport platform	scope:	eq	version:	3.1.0	Trust: 0.6
vendor:	cisco	model:	ons 15454 optical transport platform	scope:	eq	version:	3.0	Trust: 0.6
vendor:	cisco	model:	ons 15454 optical transport platform	scope:	eq	version:	3.3	Trust: 0.6
vendor:	cisco	model:	ons 15327	scope:	eq	version:	3.0	Trust: 0.6
vendor:	cisco	model:	ons 15327	scope:	eq	version:	3.3	Trust: 0.6
vendor:	cisco	model:	ons optical transport platform	scope:	eq	version:	154543.3	Trust: 0.3
vendor:	cisco	model:	ons optical transport platform	scope:	eq	version:	154543.2.0	Trust: 0.3
vendor:	cisco	model:	ons optical transport platform	scope:	eq	version:	154543.1.0	Trust: 0.3
vendor:	cisco	model:	ons optical transport platform	scope:	eq	version:	154543.0	Trust: 0.3
vendor:	cisco	model:	ons	scope:	eq	version:	153273.3	Trust: 0.3
vendor:	cisco	model:	ons	scope:	eq	version:	153273.2	Trust: 0.3
vendor:	cisco	model:	ons	scope:	eq	version:	153273.1	Trust: 0.3
vendor:	cisco	model:	ons	scope:	eq	version:	153273.0	Trust: 0.3
vendor:	cisco	model:	ons optical transport platform	scope:	ne	version:	154543.4	Trust: 0.3
vendor:	cisco	model:	ons	scope:	ne	version:	153273.4	Trust: 0.3

sources: BID: 6081 // CNNVD: CNNVD-200303-105 // NVD: CVE-2002-1555

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2002-1555
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200303-105
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-5940
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2002-1555
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-5940
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-5940 // CNNVD: CNNVD-200303-105 // NVD: CVE-2002-1555

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2002-1555

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200303-105

TYPE

Design Error

Trust: 0.9

sources: BID: 6081 // CNNVD: CNNVD-200303-105

EXTERNAL IDS

db:	BID	id:	6081	Trust: 2.0
db:	NVD	id:	CVE-2002-1555	Trust: 2.0
db:	CNNVD	id:	CNNVD-200303-105	Trust: 0.7
db:	CISCO	id:	20021031 CISCO ONS15454 AND CISCO ONS15327 VULNERABILITIES	Trust: 0.6
db:	XF	id:	10507	Trust: 0.6
db:	VULHUB	id:	VHN-5940	Trust: 0.1

sources: VULHUB: VHN-5940 // BID: 6081 // CNNVD: CNNVD-200303-105 // NVD: CVE-2002-1555

REFERENCES

url:	http://www.securityfocus.com/bid/6081	Trust: 1.7
url:	http://www.cisco.com/warp/public/707/ons-multiple-vuln-pub.shtml	Trust: 1.7
url:	http://www.iss.net/security_center/static/10507.php	Trust: 1.7

sources: VULHUB: VHN-5940 // CNNVD: CNNVD-200303-105 // NVD: CVE-2002-1555

CREDITS

This issue was reported in a Cisco Security Advisory.

Trust: 0.3

sources: BID: 6081

SOURCES

db:	VULHUB	id:	VHN-5940
db:	BID	id:	6081
db:	CNNVD	id:	CNNVD-200303-105
db:	NVD	id:	CVE-2002-1555

LAST UPDATE DATE

2024-08-14T13:40:27.800000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-5940	date:	2018-10-30T00:00:00
db:	BID	id:	6081	date:	2009-07-11T18:06:00
db:	CNNVD	id:	CNNVD-200303-105	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2002-1555	date:	2018-10-30T16:26:17.187

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-5940	date:	2003-03-31T00:00:00
db:	BID	id:	6081	date:	2002-10-31T00:00:00
db:	CNNVD	id:	CNNVD-200303-105	date:	2002-10-31T00:00:00
db:	NVD	id:	CVE-2002-1555	date:	2003-03-31T05:00:00