Details of VAR-200303-0051

ID

VAR-200303-0051

CVE

CVE-2002-1556

TITLE

Cisco ONS15454/ONS15327 Optical fiber transmission platform CORBA IOR Remote Denial of Service Attack Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200303-104

DESCRIPTION

Cisco ONS15454 and ONS15327 running ONS before 3.4 allows attackers to cause a denial of service (reset) via an HTTP request to the TCC, TCC+ or XTC, in which the request contains an invalid CORBA Interoperable Object Reference (IOR). A vulnerability has been discovered in Cisco ONS1545 Optical Transport and Cisco ONS15327 Edge Optical Transport platforms. Exploiting this issue will result in the denial of legitimate network requests to the TCC, TCC+, or XTC control card. The Cisco ONS15454 and Cisco ONS15327 have an issue with illegal CORBA IOR requests. A remote attacker can exploit this vulnerability to reset the device, resulting in a denial of service. The CISCO BUG ID of this vulnerability is: CSCdw15690 <* link: http://www.cisco.com/warp/public/707/ons-multiple-vuln-pub.shtml *>

Trust: 1.26

sources: NVD: CVE-2002-1556 // BID: 6084 // VULHUB: VHN-5941

AFFECTED PRODUCTS

vendor:	cisco	model:	optical networking systems software	scope:	eq	version:	3.2.0	Trust: 1.0
vendor:	cisco	model:	optical networking systems software	scope:	eq	version:	3.3.0	Trust: 1.0
vendor:	cisco	model:	optical networking systems software	scope:	eq	version:	3.0	Trust: 1.0
vendor:	cisco	model:	optical networking systems software	scope:	eq	version:	3.1.0	Trust: 1.0
vendor:	cisco	model:	optical networking systems software	scope:	eq	version:	3.2	Trust: 1.0
vendor:	cisco	model:	ons 15327	scope:	eq	version:	3.1	Trust: 0.6
vendor:	cisco	model:	ons 15454 optical transport platform	scope:	eq	version:	3.2.0	Trust: 0.6
vendor:	cisco	model:	ons 15327	scope:	eq	version:	3.2	Trust: 0.6
vendor:	cisco	model:	ons 15454 optical transport platform	scope:	eq	version:	3.1.0	Trust: 0.6
vendor:	cisco	model:	ons 15454 optical transport platform	scope:	eq	version:	3.0	Trust: 0.6
vendor:	cisco	model:	ons 15454 optical transport platform	scope:	eq	version:	3.3	Trust: 0.6
vendor:	cisco	model:	ons 15327	scope:	eq	version:	3.0	Trust: 0.6
vendor:	cisco	model:	ons 15327	scope:	eq	version:	3.3	Trust: 0.6
vendor:	cisco	model:	ons optical transport platform	scope:	eq	version:	154543.3	Trust: 0.3
vendor:	cisco	model:	ons optical transport platform	scope:	eq	version:	154543.2.0	Trust: 0.3
vendor:	cisco	model:	ons optical transport platform	scope:	eq	version:	154543.1.0	Trust: 0.3
vendor:	cisco	model:	ons optical transport platform	scope:	eq	version:	154543.0	Trust: 0.3
vendor:	cisco	model:	ons	scope:	eq	version:	153273.3	Trust: 0.3
vendor:	cisco	model:	ons	scope:	eq	version:	153273.2	Trust: 0.3
vendor:	cisco	model:	ons	scope:	eq	version:	153273.1	Trust: 0.3
vendor:	cisco	model:	ons	scope:	eq	version:	153273.0	Trust: 0.3
vendor:	cisco	model:	ons optical transport platform	scope:	ne	version:	154543.4	Trust: 0.3
vendor:	cisco	model:	ons	scope:	ne	version:	153273.4	Trust: 0.3

sources: BID: 6084 // CNNVD: CNNVD-200303-104 // NVD: CVE-2002-1556

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2002-1556
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200303-104
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-5941
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2002-1556
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-5941
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-5941 // CNNVD: CNNVD-200303-104 // NVD: CVE-2002-1556

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2002-1556

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200303-104

TYPE

Design Error

Trust: 0.9

sources: BID: 6084 // CNNVD: CNNVD-200303-104

EXTERNAL IDS

db:	NVD	id:	CVE-2002-1556	Trust: 2.0
db:	BID	id:	6084	Trust: 2.0
db:	CNNVD	id:	CNNVD-200303-104	Trust: 0.7
db:	CISCO	id:	20021031 CISCO ONS15454 AND CISCO ONS15327 VULNERABILITIES	Trust: 0.6
db:	XF	id:	10508	Trust: 0.6
db:	VULHUB	id:	VHN-5941	Trust: 0.1

sources: VULHUB: VHN-5941 // BID: 6084 // CNNVD: CNNVD-200303-104 // NVD: CVE-2002-1556

REFERENCES

url:	http://www.securityfocus.com/bid/6084	Trust: 1.7
url:	http://www.cisco.com/warp/public/707/ons-multiple-vuln-pub.shtml	Trust: 1.7
url:	http://www.iss.net/security_center/static/10508.php	Trust: 1.7

sources: VULHUB: VHN-5941 // CNNVD: CNNVD-200303-104 // NVD: CVE-2002-1556

CREDITS

This issue was reported in a Cisco Security Advisory.

Trust: 0.3

sources: BID: 6084

SOURCES

db:	VULHUB	id:	VHN-5941
db:	BID	id:	6084
db:	CNNVD	id:	CNNVD-200303-104
db:	NVD	id:	CVE-2002-1556

LAST UPDATE DATE

2024-08-14T13:40:27.825000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-5941	date:	2018-10-30T00:00:00
db:	BID	id:	6084	date:	2009-07-11T18:06:00
db:	CNNVD	id:	CNNVD-200303-104	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2002-1556	date:	2018-10-30T16:26:17.187

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-5941	date:	2003-03-31T00:00:00
db:	BID	id:	6084	date:	2002-10-31T00:00:00
db:	CNNVD	id:	CNNVD-200303-104	date:	2002-10-31T00:00:00
db:	NVD	id:	CVE-2002-1556	date:	2003-03-31T05:00:00