Sign-up

ID

VAR-200303-0053


CVE

CVE-2002-1558


TITLE

Cisco ONS15454 / ONS15327 Fibre Transport Platform Default Account Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2002-3962

DESCRIPTION

Cisco ONS15454 and ONS15327 running ONS before 3.4 have an account for the VxWorks Operating System in the TCC, TCC+ and XTC that cannot be changed or disabled, which allows remote attackers to gain privileges by connecting to the account via Telnet. Cisco ONS15454 and Cisco ONS15327 are optical fiber network platforms developed by CISCO.  Cisco ONS 15454 and Cisco ONS 15327 devices have default accounts. Remote attackers can use this vulnerability to gain unauthorized access and take complete control of the device.  TCC, TCC + and XTC contain a default username and password. This account can be used to access the VxWorks operating system, and this account cannot be changed or closed. Using this account, an attacker can remotely access through the Telnet service and take complete control of the device.  The vulnerability CISCO BUG ID is: CSCdy70756

Trust: 2.16

sources: NVD: CVE-2002-1558 // CNVD: CNVD-2002-3962 // BID: 6083 // IVD: c7e75360-23cd-11e6-abef-000c29c66e3d // IVD: 7d72f2c1-463f-11e9-af27-000c29342cb1 // VULHUB: VHN-5943

IOT TAXONOMY

category:['IoT', 'ICS']sub_category: -

Trust: 0.6

category:['ICS']sub_category: -

Trust: 0.4

sources: IVD: c7e75360-23cd-11e6-abef-000c29c66e3d // IVD: 7d72f2c1-463f-11e9-af27-000c29342cb1 // CNVD: CNVD-2002-3962

AFFECTED PRODUCTS

vendor:ciscomodel:optical networking systems softwarescope:eqversion:3.2.0

Trust: 1.0

vendor:ciscomodel:optical networking systems softwarescope:eqversion:3.3.0

Trust: 1.0

vendor:ciscomodel:optical networking systems softwarescope:eqversion:3.0

Trust: 1.0

vendor:ciscomodel:optical networking systems softwarescope:eqversion:3.1.0

Trust: 1.0

vendor:ciscomodel:optical networking systems softwarescope:eqversion:3.2

Trust: 1.0

vendor:nonemodel: - scope: - version: -

Trust: 0.6

vendor:ciscomodel:ons 15327scope:eqversion:3.1

Trust: 0.6

vendor:ciscomodel:ons 15454 optical transport platformscope:eqversion:3.2.0

Trust: 0.6

vendor:ciscomodel:ons 15327scope:eqversion:3.2

Trust: 0.6

vendor:ciscomodel:ons 15454 optical transport platformscope:eqversion:3.1.0

Trust: 0.6

vendor:ciscomodel:ons 15454 optical transport platformscope:eqversion:3.0

Trust: 0.6

vendor:ciscomodel:ons 15454 optical transport platformscope:eqversion:3.3

Trust: 0.6

vendor:ciscomodel:ons 15327scope:eqversion:3.0

Trust: 0.6

vendor:ciscomodel:ons 15327scope:eqversion:3.3

Trust: 0.6

vendor:optical networkingmodel: - scope:eqversion:3.0

Trust: 0.4

vendor:optical networkingmodel: - scope:eqversion:3.1.0

Trust: 0.4

vendor:optical networkingmodel: - scope:eqversion:3.2

Trust: 0.4

vendor:optical networkingmodel: - scope:eqversion:3.2.0

Trust: 0.4

vendor:optical networkingmodel: - scope:eqversion:3.3.0

Trust: 0.4

vendor:ciscomodel:ons optical transport platformscope:eqversion:154543.3

Trust: 0.3

vendor:ciscomodel:ons optical transport platformscope:eqversion:154543.2.0

Trust: 0.3

vendor:ciscomodel:ons optical transport platformscope:eqversion:154543.1.0

Trust: 0.3

vendor:ciscomodel:ons optical transport platformscope:eqversion:154543.0

Trust: 0.3

vendor:ciscomodel:onsscope:eqversion:153273.3

Trust: 0.3

vendor:ciscomodel:onsscope:eqversion:153273.2

Trust: 0.3

vendor:ciscomodel:onsscope:eqversion:153273.1

Trust: 0.3

vendor:ciscomodel:onsscope:eqversion:153273.0

Trust: 0.3

vendor:ciscomodel:ons optical transport platformscope:neversion:154543.4

Trust: 0.3

vendor:ciscomodel:onsscope:neversion:153273.4

Trust: 0.3

sources: IVD: c7e75360-23cd-11e6-abef-000c29c66e3d // IVD: 7d72f2c1-463f-11e9-af27-000c29342cb1 // CNVD: CNVD-2002-3962 // BID: 6083 // CNNVD: CNNVD-200303-117 // NVD: CVE-2002-1558

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2002-1558
value: HIGH

Trust: 1.0

CNNVD: CNNVD-200303-117
value: CRITICAL

Trust: 0.6

IVD: c7e75360-23cd-11e6-abef-000c29c66e3d
value: CRITICAL

Trust: 0.2

IVD: 7d72f2c1-463f-11e9-af27-000c29342cb1
value: CRITICAL

Trust: 0.2

VULHUB: VHN-5943
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2002-1558
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

IVD: c7e75360-23cd-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: 7d72f2c1-463f-11e9-af27-000c29342cb1
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-5943
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: c7e75360-23cd-11e6-abef-000c29c66e3d // IVD: 7d72f2c1-463f-11e9-af27-000c29342cb1 // VULHUB: VHN-5943 // CNNVD: CNNVD-200303-117 // NVD: CVE-2002-1558

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2002-1558

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200303-117

TYPE

Design error

Trust: 1.3

sources: IVD: c7e75360-23cd-11e6-abef-000c29c66e3d // IVD: 7d72f2c1-463f-11e9-af27-000c29342cb1 // BID: 6083 // CNNVD: CNNVD-200303-117

EXTERNAL IDS

db:NVDid:CVE-2002-1558

Trust: 3.0

db:BIDid:6083

Trust: 2.0

db:CNNVDid:CNNVD-200303-117

Trust: 1.1

db:CNVDid:CNVD-2002-3962

Trust: 1.0

db:XFid:10510

Trust: 0.6

db:CISCOid:20021031 CISCO ONS15454 AND CISCO ONS15327 VULNERABILITIES

Trust: 0.6

db:IVDid:C7E75360-23CD-11E6-ABEF-000C29C66E3D

Trust: 0.2

db:IVDid:7D72F2C1-463F-11E9-AF27-000C29342CB1

Trust: 0.2

db:VULHUBid:VHN-5943

Trust: 0.1

sources: IVD: c7e75360-23cd-11e6-abef-000c29c66e3d // IVD: 7d72f2c1-463f-11e9-af27-000c29342cb1 // CNVD: CNVD-2002-3962 // VULHUB: VHN-5943 // BID: 6083 // CNNVD: CNNVD-200303-117 // NVD: CVE-2002-1558

REFERENCES

url:http://www.securityfocus.com/bid/6083

Trust: 1.7

url:http://www.cisco.com/warp/public/707/ons-multiple-vuln-pub.shtml

Trust: 1.7

url:http://www.iss.net/security_center/static/10510.php

Trust: 1.7

sources: VULHUB: VHN-5943 // CNNVD: CNNVD-200303-117 // NVD: CVE-2002-1558

CREDITS

This issue was reported in a Cisco Security Advisory.

Trust: 0.3

sources: BID: 6083

SOURCES

db:IVDid:c7e75360-23cd-11e6-abef-000c29c66e3d
db:IVDid:7d72f2c1-463f-11e9-af27-000c29342cb1
db:CNVDid:CNVD-2002-3962
db:VULHUBid:VHN-5943
db:BIDid:6083
db:CNNVDid:CNNVD-200303-117
db:NVDid:CVE-2002-1558

LAST UPDATE DATE

2024-08-14T13:40:27.852000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2002-3962date:2002-10-31T00:00:00
db:VULHUBid:VHN-5943date:2018-10-30T00:00:00
db:BIDid:6083date:2009-07-11T18:06:00
db:CNNVDid:CNNVD-200303-117date:2005-10-20T00:00:00
db:NVDid:CVE-2002-1558date:2018-10-30T16:26:17.187

SOURCES RELEASE DATE

db:IVDid:c7e75360-23cd-11e6-abef-000c29c66e3ddate:2002-10-31T00:00:00
db:IVDid:7d72f2c1-463f-11e9-af27-000c29342cb1date:2002-10-31T00:00:00
db:CNVDid:CNVD-2002-3962date:2002-10-31T00:00:00
db:VULHUBid:VHN-5943date:2003-03-31T00:00:00
db:BIDid:6083date:2002-10-31T00:00:00
db:CNNVDid:CNNVD-200303-117date:2002-10-31T00:00:00
db:NVDid:CVE-2002-1558date:2003-03-31T05:00:00