ID

VAR-200402-0093


CVE

CAN-2004-0307


TITLE

CNVD-2004-0509

Trust: 1.0

sources: IVD: 7d7f9cf1-463f-11e9-8f90-000c29342cb1 // IVD: 393fb73a-2038-11e6-abef-000c29c66e3d // CNVD: CNVD-2004-0509

DESCRIPTION

Cisco ONS is a fiber optic network platform developed by Cisco. Cisco ONS has multiple vulnerabilities that can result in unauthorized access to the device, denial of service, or a locked account continuing to authenticate. The Cisco ONS 15327, ONS 15454, ONS 15454 SDH, and ONS 15600 are managed through the XTC, TCC+/TCC2, TCCi/TCC2, and TSC control cards, which are typically isolated from the Internet and connected only to the local network environment. The following vulnerabilities exist:

- CSCec17308/CSCec19124 (tftp): The TFTP service uses UDP port 69 by default and allows GET and PUT commands without any authentication. A client can connect to the fiber device and upload and download any user data.
- CSCec17406 (port 1080): Cisco ONS 15327, ONS 15454 and ONS 15454 SDH hardware is vulnerable to an ACK denial-of-service attack on TCP port 1080, which network management uses to communicate with the control cards. An ACK denial-of-service attack can result in a control card reset on the fiber optic device.
- CSCec66884/CSCec71157 (SU access): By default, only superusers are allowed telnet access to the VxWorks operating system. Due to this vulnerability, if the superuser account is disabled, locked and suspended, the VxWorks shell can still be logged in to using the setup password.

Trust: 0.9

sources: CNVD: CNVD-2004-0509 // IVD: 7d7f9cf1-463f-11e9-8f90-000c29342cb1 // IVD: 393fb73a-2038-11e6-abef-000c29c66e3d

IOT TAXONOMY

category: ['IoT', 'ICS'] sub_category: -

Trust: 0.6

category: ['ICS'] sub_category: -

Trust: 0.4

sources: IVD: 7d7f9cf1-463f-11e9-8f90-000c29342cb1 // IVD: 393fb73a-2038-11e6-abef-000c29c66e3d // CNVD: CNVD-2004-0509

AFFECTED PRODUCTS

vendor: no model: - scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2004-0509

CVSS

SEVERITY

CVSSV2

CVSSV3

IVD: 7d7f9cf1-463f-11e9-8f90-000c29342cb1
value: HIGH

Trust: 0.2

IVD: 393fb73a-2038-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

IVD: 7d7f9cf1-463f-11e9-8f90-000c29342cb1
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: 393fb73a-2038-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: 7d7f9cf1-463f-11e9-8f90-000c29342cb1 // IVD: 393fb73a-2038-11e6-abef-000c29c66e3d

TYPE

Buffer overflow

Trust: 0.2

sources: IVD: 7d7f9cf1-463f-11e9-8f90-000c29342cb1

EXTERNAL IDS

db: CNVD id: CNVD-2004-0509

Trust: 1.0

db: XF id: 15265

Trust: 0.6

db: NVD id: CAN-2004-0307

Trust: 0.6

db: CNCVE id: CNCVE-20040307

Trust: 0.6

db: BID id: 9699

Trust: 0.6

db: IVD id: 7D7F9CF1-463F-11E9-8F90-000C29342CB1

Trust: 0.2

db: IVD id: 393FB73A-2038-11E6-ABEF-000C29C66E3D

Trust: 0.2

sources: IVD: 7d7f9cf1-463f-11e9-8f90-000c29342cb1 // IVD: 393fb73a-2038-11e6-abef-000c29c66e3d // CNVD: CNVD-2004-0509

REFERENCES

url: http://www.securityfocus.com/bid/9699

Trust: 1.2

url: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=can-2004-0307

Trust: 0.6

url: http://xforce.iss.net/xforce/xfdb/15265

Trust: 0.6

sources: CNVD: CNVD-2004-0509

SOURCES

db: IVD id: 7d7f9cf1-463f-11e9-8f90-000c29342cb1
db: IVD id: 393fb73a-2038-11e6-abef-000c29c66e3d
db: CNVD id: CNVD-2004-0509

LAST UPDATE DATE

2022-05-04T09:01:24.904000+00:00


SOURCES UPDATE DATE

db: CNVD id: CNVD-2004-0509 date: 2004-02-19T00:00:00

SOURCES RELEASE DATE

db: IVD id: 7d7f9cf1-463f-11e9-8f90-000c29342cb1 date: 2004-02-19T00:00:00
db: IVD id: 393fb73a-2038-11e6-abef-000c29c66e3d date: 2004-02-19T00:00:00
db: CNVD id: CNVD-2004-0509 date: 2004-02-19T00:00:00