Sign-up

ID

VAR-200411-0074


CVE

CVE-2004-0306


TITLE

Cisco Systems  optical networking systems software  Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2004-000939

DESCRIPTION

Cisco ONS 15327 before 4.1(3), ONS 15454 before 4.6(1), ONS 15454 SD before 4.1(3), and Cisco ONS 15600 before 1.3(0) enable TFTP service on UDP port 69 by default, which allows remote attackers to GET or PUT ONS system files on the current active TCC in the /flash0 or /flash1 directories. Cisco Systems optical networking systems software Exists in unspecified vulnerabilities.None. Cisco ONS is a fiber optic network platform developed by CISCO.  There are multiple vulnerabilities in Cisco ONS that can lead to attacks such as unauthorized access to the device, denial of service, or locked account and continued authentication. These control cards are generally isolated from the Internet and connected only to the local network environment. The following vulnerabilities exist:  -CSCec17308 / CSCec19124 (tftp)  The TFTP service uses UDP port 69 by default, allowing GET and PUT commands to be performed without any authentication, and the client can connect to the fiber optic device to upload and download arbitrary user data. TCP 1080 port is used for network management and control card communication. An ACK denial of service attack can cause the control card on a fiber optic device to reset.  -CSCec66884 / CSCec71157 (SU access)  By default, only superusers are allowed to telnet access to the VxWorks operating system. Due to this vulnerability, if the superuser account is blocked, locked and suspended, you can still log in to the VxWorks shell using the set password. It should be noted that the various ONS platforms are intended to be deployed on networks that are physically separated from the Internet, so exposure to these issues by remote attackers is limited

Trust: 2.88

sources: NVD: CVE-2004-0306 // JVNDB: JVNDB-2004-000939 // CNVD: CNVD-2004-0503 // BID: 9699 // IVD: ebe2df6a-23cc-11e6-abef-000c29c66e3d // IVD: 7d7fc400-463f-11e9-a58e-000c29342cb1 // VULHUB: VHN-8736

IOT TAXONOMY

category:['IoT', 'ICS']sub_category: -

Trust: 0.6

category:['ICS']sub_category: -

Trust: 0.4

sources: IVD: ebe2df6a-23cc-11e6-abef-000c29c66e3d // IVD: 7d7fc400-463f-11e9-a58e-000c29342cb1 // CNVD: CNVD-2004-0503

AFFECTED PRODUCTS

vendor:ciscomodel:optical networking systems softwarescope:eqversion:4.1\(2\)

Trust: 1.0

vendor:ciscomodel:optical networking systems softwarescope:eqversion:4.0\(1\)

Trust: 1.0

vendor:ciscomodel:optical networking systems softwarescope:eqversion:4.0\(2\)

Trust: 1.0

vendor:ciscomodel:optical networking systems softwarescope:eqversion:4.5

Trust: 1.0

vendor:ciscomodel:optical networking systems softwarescope:eqversion:1.0

Trust: 1.0

vendor:ciscomodel:optical networking systems softwarescope:eqversion:4.1\(0\)

Trust: 1.0

vendor:ciscomodel:optical networking systems softwarescope:eqversion:4.0.0

Trust: 1.0

vendor:ciscomodel:optical networking systems softwarescope:eqversion:4.1\(1\)

Trust: 1.0

vendor:ciscomodel:optical networking systems softwarescope:eqversion:4.1.0

Trust: 1.0

vendor:ciscomodel:optical networking systems softwarescope:eqversion:4.1\(3\)

Trust: 1.0

vendor:ciscomodel:ons 15454sdhscope:eqversion:4.5

Trust: 0.9

vendor:ciscomodel:ons 15454sdhscope:eqversion:4.0

Trust: 0.9

vendor:シスコシステムズmodel:optical networking systems softwarescope:eqversion:4.1(2)

Trust: 0.8

vendor:シスコシステムズmodel:optical networking systems softwarescope:eqversion:4.0.0

Trust: 0.8

vendor:シスコシステムズmodel:optical networking systems softwarescope:eqversion:4.1(0)

Trust: 0.8

vendor:シスコシステムズmodel:optical networking systems softwarescope:eqversion:1.0

Trust: 0.8

vendor:シスコシステムズmodel:optical networking systems softwarescope:eqversion:4.1(1)

Trust: 0.8

vendor:シスコシステムズmodel:optical networking systems softwarescope:eqversion:4.5

Trust: 0.8

vendor:シスコシステムズmodel:optical networking systems softwarescope:eqversion:4.0(2)

Trust: 0.8

vendor:シスコシステムズmodel:optical networking systems softwarescope:eqversion: -

Trust: 0.8

vendor:シスコシステムズmodel:optical networking systems softwarescope:eqversion:4.1.0

Trust: 0.8

vendor:シスコシステムズmodel:optical networking systems softwarescope:eqversion:4.0(1)

Trust: 0.8

vendor:シスコシステムズmodel:optical networking systems softwarescope:eqversion:4.1(3)

Trust: 0.8

vendor:nonemodel: - scope: - version: -

Trust: 0.6

vendor:ciscomodel:ons 15454 optical transport platformscope:eqversion:4.1\(3\)

Trust: 0.6

vendor:ciscomodel:ons 15454 optical transport platformscope:eqversion:4.1\(1\)

Trust: 0.6

vendor:ciscomodel:ons 15454 optical transport platformscope:eqversion:4.1\(2\)

Trust: 0.6

vendor:ciscomodel:ons 15454sdhscope:eqversion:4.1\(1\)

Trust: 0.6

vendor:ciscomodel:ons 15454sdhscope:eqversion:4.1\(0\)

Trust: 0.6

vendor:ciscomodel:ons 15454sdhscope:eqversion:4.1\(2\)

Trust: 0.6

vendor:ciscomodel:ons 15600scope:eqversion:1.0

Trust: 0.6

vendor:ciscomodel:ons 15454 optical transport platformscope:eqversion:4.0\(1\)

Trust: 0.6

vendor:optical networkingmodel: - scope:eqversion:1.0

Trust: 0.4

vendor:optical networkingmodel: - scope:eqversion:4.0(1)

Trust: 0.4

vendor:optical networkingmodel: - scope:eqversion:4.0(2)

Trust: 0.4

vendor:optical networkingmodel: - scope:eqversion:4.0.0

Trust: 0.4

vendor:optical networkingmodel: - scope:eqversion:4.1(0)

Trust: 0.4

vendor:optical networkingmodel: - scope:eqversion:4.1(1)

Trust: 0.4

vendor:optical networkingmodel: - scope:eqversion:4.1(2)

Trust: 0.4

vendor:optical networkingmodel: - scope:eqversion:4.1(3)

Trust: 0.4

vendor:optical networkingmodel: - scope:eqversion:4.1.0

Trust: 0.4

vendor:optical networkingmodel: - scope:eqversion:4.5

Trust: 0.4

vendor:ciscomodel:onsscope:eqversion:156001.0

Trust: 0.3

vendor:ciscomodel:ons 15454sdhscope:eqversion:4.1(2)

Trust: 0.3

vendor:ciscomodel:ons 15454sdhscope:eqversion:4.1(1)

Trust: 0.3

vendor:ciscomodel:ons 15454sdhscope:eqversion:4.1(0)

Trust: 0.3

vendor:ciscomodel:ons optical transport platformscope:eqversion:154544.1(3)

Trust: 0.3

vendor:ciscomodel:ons optical transport platformscope:eqversion:154544.1(2)

Trust: 0.3

vendor:ciscomodel:ons optical transport platformscope:eqversion:154544.1(1)

Trust: 0.3

vendor:ciscomodel:ons optical transport platformscope:eqversion:154544.1(0)

Trust: 0.3

vendor:ciscomodel:ons optical transport platformscope:eqversion:154544.1

Trust: 0.3

vendor:ciscomodel:ons optical transport platformscope:eqversion:154544.0(1)

Trust: 0.3

vendor:ciscomodel:ons optical transport platformscope:eqversion:154544.0

Trust: 0.3

vendor:ciscomodel:onsscope:eqversion:153274.1(2)

Trust: 0.3

vendor:ciscomodel:onsscope:eqversion:153274.1(1)

Trust: 0.3

vendor:ciscomodel:onsscope:eqversion:153274.1(0)

Trust: 0.3

vendor:ciscomodel:onsscope:eqversion:153274.0(2)

Trust: 0.3

vendor:ciscomodel:onsscope:eqversion:153274.0(1)

Trust: 0.3

vendor:ciscomodel:onsscope:eqversion:153274.0

Trust: 0.3

vendor:ciscomodel:onsscope:neversion:156001.3(0)

Trust: 0.3

vendor:ciscomodel:onsscope:neversion:156001.1(1)

Trust: 0.3

vendor:ciscomodel:onsscope:neversion:156001.1(0)

Trust: 0.3

vendor:ciscomodel:ons 15454sdhscope:neversion:4.6(1)

Trust: 0.3

vendor:ciscomodel:ons optical transport platformscope:neversion:154544.1(3)

Trust: 0.3

vendor:ciscomodel:ons optical transport platformscope:neversion:154544.1(1)

Trust: 0.3

vendor:ciscomodel:ons optical transport platformscope:neversion:154544.0(2)

Trust: 0.3

vendor:ciscomodel:onsscope:neversion:153274.1(3)

Trust: 0.3

vendor:ciscomodel:onsscope:neversion:153274.1(1)

Trust: 0.3

vendor:ciscomodel:onsscope:neversion:153274.0(2)

Trust: 0.3

sources: IVD: ebe2df6a-23cc-11e6-abef-000c29c66e3d // IVD: 7d7fc400-463f-11e9-a58e-000c29342cb1 // CNVD: CNVD-2004-0503 // BID: 9699 // JVNDB: JVNDB-2004-000939 // CNNVD: CNNVD-200411-121 // NVD: CVE-2004-0306

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2004-0306
value: MEDIUM

Trust: 1.0

NVD: CVE-2004-0306
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200411-121
value: MEDIUM

Trust: 0.6

IVD: ebe2df6a-23cc-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

IVD: 7d7fc400-463f-11e9-a58e-000c29342cb1
value: MEDIUM

Trust: 0.2

VULHUB: VHN-8736
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2004-0306
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

IVD: ebe2df6a-23cc-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: 7d7fc400-463f-11e9-a58e-000c29342cb1
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-8736
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: ebe2df6a-23cc-11e6-abef-000c29c66e3d // IVD: 7d7fc400-463f-11e9-a58e-000c29342cb1 // VULHUB: VHN-8736 // JVNDB: JVNDB-2004-000939 // CNNVD: CNNVD-200411-121 // NVD: CVE-2004-0306

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:others (CWE-Other) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2004-000939 // NVD: CVE-2004-0306

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200411-121

TYPE

unknown

Trust: 1.3

sources: IVD: ebe2df6a-23cc-11e6-abef-000c29c66e3d // IVD: 7d7fc400-463f-11e9-a58e-000c29342cb1 // BID: 9699 // CNNVD: CNNVD-200411-121

PATCH

title:Cisco ONS 15327url:https://www.cisco.com/web/JP/product/hs/optical/ons15327/prodlit/pdf/0261_on15327.pdf

Trust: 0.8

sources: JVNDB: JVNDB-2004-000939

EXTERNAL IDS

db:NVDid:CVE-2004-0306

Trust: 4.6

db:BIDid:9699

Trust: 2.8

db:CNNVDid:CNNVD-200411-121

Trust: 1.1

db:CNVDid:CNVD-2004-0503

Trust: 1.0

db:JVNDBid:JVNDB-2004-000939

Trust: 0.8

db:XFid:15264

Trust: 0.6

db:CISCOid:20040219 CISCO ONS 15327, ONS 15454, ONS 15454 SDH, AND ONS 15600 VULNERABILITIES

Trust: 0.6

db:IVDid:EBE2DF6A-23CC-11E6-ABEF-000C29C66E3D

Trust: 0.2

db:IVDid:7D7FC400-463F-11E9-A58E-000C29342CB1

Trust: 0.2

db:VULHUBid:VHN-8736

Trust: 0.1

sources: IVD: ebe2df6a-23cc-11e6-abef-000c29c66e3d // IVD: 7d7fc400-463f-11e9-a58e-000c29342cb1 // CNVD: CNVD-2004-0503 // VULHUB: VHN-8736 // BID: 9699 // JVNDB: JVNDB-2004-000939 // CNNVD: CNNVD-200411-121 // NVD: CVE-2004-0306

REFERENCES

url:http://www.cisco.com/warp/public/707/cisco-sa-20040219-ons.shtml

Trust: 2.8

url:http://www.securityfocus.com/bid/9699

Trust: 2.5

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/15264

Trust: 1.9

url:https://nvd.nist.gov/vuln/detail/cve-2004-0306

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/15264

Trust: 0.6

sources: VULHUB: VHN-8736 // BID: 9699 // JVNDB: JVNDB-2004-000939 // CNNVD: CNNVD-200411-121 // NVD: CVE-2004-0306

CREDITS

Cisco Security Advisory

Trust: 0.6

sources: CNNVD: CNNVD-200411-121

SOURCES

db:IVDid:ebe2df6a-23cc-11e6-abef-000c29c66e3d
db:IVDid:7d7fc400-463f-11e9-a58e-000c29342cb1
db:CNVDid:CNVD-2004-0503
db:VULHUBid:VHN-8736
db:BIDid:9699
db:JVNDBid:JVNDB-2004-000939
db:CNNVDid:CNNVD-200411-121
db:NVDid:CVE-2004-0306

LAST UPDATE DATE

2024-08-14T14:08:58.040000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2004-0503date:2004-02-19T00:00:00
db:VULHUBid:VHN-8736date:2018-10-30T00:00:00
db:BIDid:9699date:2009-07-12T03:06:00
db:JVNDBid:JVNDB-2004-000939date:2024-06-07T09:02:00
db:CNNVDid:CNNVD-200411-121date:2005-05-13T00:00:00
db:NVDid:CVE-2004-0306date:2018-10-30T16:26:17.390

SOURCES RELEASE DATE

db:IVDid:ebe2df6a-23cc-11e6-abef-000c29c66e3ddate:2004-02-19T00:00:00
db:IVDid:7d7fc400-463f-11e9-a58e-000c29342cb1date:2004-02-19T00:00:00
db:CNVDid:CNVD-2004-0503date:2004-02-19T00:00:00
db:VULHUBid:VHN-8736date:2004-11-23T00:00:00
db:BIDid:9699date:2004-02-19T00:00:00
db:JVNDBid:JVNDB-2004-000939date:2024-06-07T00:00:00
db:CNNVDid:CNNVD-200411-121date:2004-02-19T00:00:00
db:NVDid:CVE-2004-0306date:2004-11-23T05:00:00