Sign-up

ID

VAR-200411-0076


CVE

CVE-2004-0308


TITLE

Cisco Systems  optical networking systems software  Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2004-000941

DESCRIPTION

Unknown vulnerability in Cisco ONS 15327 before 4.1(3), ONS 15454 before 4.6(1), ONS 15454 SD before 4.1(3), and Cisco ONS15600 before 1.3(0) allows a superuser whose account is locked out, disabled, or suspended to gain unauthorized access via a Telnet connection to the VxWorks shell. Cisco Systems optical networking systems software Exists in unspecified vulnerabilities.None. It should be noted that the various ONS platforms are intended to be deployed on networks that are physically separated from the Internet, so exposure to these issues by remote attackers is limited. Cisco ONS is an optical network platform developed by CISCO. Cisco ONS 15327, ONS 15454, ONS 15454 SDH, and ONS 15600 can be managed by XTC, TCC+/TCC2, TCCi/TCC2, and TSC control cards. These control cards are generally isolated from the Internet and only connected to the local network environment. There are the following vulnerabilities: - CSCec17308/CSCec19124(tftp) The TFTP service uses UDP port 69 by default, allowing GET and PUT commands without any authentication, and the client can connect to the fiber optic device and upload and download arbitrary user data. - CSCec17406(port 1080) Cisco ONS 15327, ONS 15454 and ONS 15454 SDH hardware has an ACK denial of service attack on TCP port 1080, which is used for network management to communicate with the control card. Through ACK denial of service attack, the control card on the fiber optic equipment can be reset. - CSCec66884/CSCec71157(SU access) By default, only superusers are allowed to have telnet access to the VxWorks operating system. Due to this vulnerability, if the superuser account is banned, locked and suspended, you can still log in to the VxWorks shell with the set password

Trust: 1.98

sources: NVD: CVE-2004-0308 // JVNDB: JVNDB-2004-000941 // BID: 9699 // VULHUB: VHN-8738

AFFECTED PRODUCTS

vendor:ciscomodel:optical networking systems softwarescope:eqversion:4.1\(2\)

Trust: 1.0

vendor:ciscomodel:optical networking systems softwarescope:eqversion:4.0\(1\)

Trust: 1.0

vendor:ciscomodel:optical networking systems softwarescope:eqversion:4.0\(2\)

Trust: 1.0

vendor:ciscomodel:optical networking systems softwarescope:eqversion:4.5

Trust: 1.0

vendor:ciscomodel:optical networking systems softwarescope:eqversion:1.0

Trust: 1.0

vendor:ciscomodel:optical networking systems softwarescope:eqversion:4.1\(0\)

Trust: 1.0

vendor:ciscomodel:optical networking systems softwarescope:eqversion:4.0.0

Trust: 1.0

vendor:ciscomodel:optical networking systems softwarescope:eqversion:4.1\(1\)

Trust: 1.0

vendor:ciscomodel:optical networking systems softwarescope:eqversion:4.1.0

Trust: 1.0

vendor:ciscomodel:optical networking systems softwarescope:eqversion:4.1\(3\)

Trust: 1.0

vendor:ciscomodel:ons 15454sdhscope:eqversion:4.5

Trust: 0.9

vendor:ciscomodel:ons 15454sdhscope:eqversion:4.0

Trust: 0.9

vendor:シスコシステムズmodel:optical networking systems softwarescope:eqversion:4.1(2)

Trust: 0.8

vendor:シスコシステムズmodel:optical networking systems softwarescope:eqversion:4.0.0

Trust: 0.8

vendor:シスコシステムズmodel:optical networking systems softwarescope:eqversion:4.1(0)

Trust: 0.8

vendor:シスコシステムズmodel:optical networking systems softwarescope:eqversion:1.0

Trust: 0.8

vendor:シスコシステムズmodel:optical networking systems softwarescope:eqversion:4.1(1)

Trust: 0.8

vendor:シスコシステムズmodel:optical networking systems softwarescope:eqversion:4.5

Trust: 0.8

vendor:シスコシステムズmodel:optical networking systems softwarescope:eqversion:4.0(2)

Trust: 0.8

vendor:シスコシステムズmodel:optical networking systems softwarescope:eqversion: -

Trust: 0.8

vendor:シスコシステムズmodel:optical networking systems softwarescope:eqversion:4.1.0

Trust: 0.8

vendor:シスコシステムズmodel:optical networking systems softwarescope:eqversion:4.0(1)

Trust: 0.8

vendor:シスコシステムズmodel:optical networking systems softwarescope:eqversion:4.1(3)

Trust: 0.8

vendor:ciscomodel:ons 15454 optical transport platformscope:eqversion:4.1\(1\)

Trust: 0.6

vendor:ciscomodel:ons 15454 optical transport platformscope:eqversion:4.1\(0\)

Trust: 0.6

vendor:ciscomodel:ons 15454 optical transport platformscope:eqversion:4.1\(2\)

Trust: 0.6

vendor:ciscomodel:ons 15454sdhscope:eqversion:4.1\(1\)

Trust: 0.6

vendor:ciscomodel:ons 15454sdhscope:eqversion:4.1\(0\)

Trust: 0.6

vendor:ciscomodel:ons 15454sdhscope:eqversion:4.1\(2\)

Trust: 0.6

vendor:ciscomodel:ons 15600scope:eqversion:1.0

Trust: 0.6

vendor:ciscomodel:ons 15454 optical transport platformscope:eqversion:4.1\(3\)

Trust: 0.6

vendor:ciscomodel:onsscope:eqversion:156001.0

Trust: 0.3

vendor:ciscomodel:ons 15454sdhscope:eqversion:4.1(2)

Trust: 0.3

vendor:ciscomodel:ons 15454sdhscope:eqversion:4.1(1)

Trust: 0.3

vendor:ciscomodel:ons 15454sdhscope:eqversion:4.1(0)

Trust: 0.3

vendor:ciscomodel:ons optical transport platformscope:eqversion:154544.1(3)

Trust: 0.3

vendor:ciscomodel:ons optical transport platformscope:eqversion:154544.1(2)

Trust: 0.3

vendor:ciscomodel:ons optical transport platformscope:eqversion:154544.1(1)

Trust: 0.3

vendor:ciscomodel:ons optical transport platformscope:eqversion:154544.1(0)

Trust: 0.3

vendor:ciscomodel:ons optical transport platformscope:eqversion:154544.1

Trust: 0.3

vendor:ciscomodel:ons optical transport platformscope:eqversion:154544.0(1)

Trust: 0.3

vendor:ciscomodel:ons optical transport platformscope:eqversion:154544.0

Trust: 0.3

vendor:ciscomodel:onsscope:eqversion:153274.1(2)

Trust: 0.3

vendor:ciscomodel:onsscope:eqversion:153274.1(1)

Trust: 0.3

vendor:ciscomodel:onsscope:eqversion:153274.1(0)

Trust: 0.3

vendor:ciscomodel:onsscope:eqversion:153274.0(2)

Trust: 0.3

vendor:ciscomodel:onsscope:eqversion:153274.0(1)

Trust: 0.3

vendor:ciscomodel:onsscope:eqversion:153274.0

Trust: 0.3

vendor:ciscomodel:onsscope:neversion:156001.3(0)

Trust: 0.3

vendor:ciscomodel:onsscope:neversion:156001.1(1)

Trust: 0.3

vendor:ciscomodel:onsscope:neversion:156001.1(0)

Trust: 0.3

vendor:ciscomodel:ons 15454sdhscope:neversion:4.6(1)

Trust: 0.3

vendor:ciscomodel:ons optical transport platformscope:neversion:154544.1(3)

Trust: 0.3

vendor:ciscomodel:ons optical transport platformscope:neversion:154544.1(1)

Trust: 0.3

vendor:ciscomodel:ons optical transport platformscope:neversion:154544.0(2)

Trust: 0.3

vendor:ciscomodel:onsscope:neversion:153274.1(3)

Trust: 0.3

vendor:ciscomodel:onsscope:neversion:153274.1(1)

Trust: 0.3

vendor:ciscomodel:onsscope:neversion:153274.0(2)

Trust: 0.3

sources: BID: 9699 // JVNDB: JVNDB-2004-000941 // CNNVD: CNNVD-200411-171 // NVD: CVE-2004-0308

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2004-0308
value: HIGH

Trust: 1.0

NVD: CVE-2004-0308
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200411-171
value: CRITICAL

Trust: 0.6

VULHUB: VHN-8738
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2004-0308
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-8738
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-8738 // JVNDB: JVNDB-2004-000941 // CNNVD: CNNVD-200411-171 // NVD: CVE-2004-0308

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:others (CWE-Other) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2004-000941 // NVD: CVE-2004-0308

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200411-171

TYPE

Unknown

Trust: 0.9

sources: BID: 9699 // CNNVD: CNNVD-200411-171

PATCH

title:Cisco ONS 15327url:https://www.cisco.com/web/JP/product/hs/optical/ons15327/prodlit/pdf/0261_on15327.pdf

Trust: 0.8

sources: JVNDB: JVNDB-2004-000941

EXTERNAL IDS

db:NVDid:CVE-2004-0308

Trust: 3.6

db:BIDid:9699

Trust: 2.8

db:OSVDBid:4010

Trust: 1.7

db:JVNDBid:JVNDB-2004-000941

Trust: 0.8

db:CNNVDid:CNNVD-200411-171

Trust: 0.7

db:XFid:15266

Trust: 0.6

db:CISCOid:20040219 CISCO ONS 15327, ONS 15454, ONS 15454 SDH, AND ONS 15600 VULNERABILITIES

Trust: 0.6

db:VULHUBid:VHN-8738

Trust: 0.1

sources: VULHUB: VHN-8738 // BID: 9699 // JVNDB: JVNDB-2004-000941 // CNNVD: CNNVD-200411-171 // NVD: CVE-2004-0308

REFERENCES

url:http://www.cisco.com/warp/public/707/cisco-sa-20040219-ons.shtml

Trust: 2.8

url:http://www.securityfocus.com/bid/9699

Trust: 2.5

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/15266

Trust: 1.9

url:http://www.osvdb.org/4010

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2004-0308

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/15266

Trust: 0.6

sources: VULHUB: VHN-8738 // BID: 9699 // JVNDB: JVNDB-2004-000941 // CNNVD: CNNVD-200411-171 // NVD: CVE-2004-0308

CREDITS

Cisco Security Advisory

Trust: 0.6

sources: CNNVD: CNNVD-200411-171

SOURCES

db:VULHUBid:VHN-8738
db:BIDid:9699
db:JVNDBid:JVNDB-2004-000941
db:CNNVDid:CNNVD-200411-171
db:NVDid:CVE-2004-0308

LAST UPDATE DATE

2024-08-14T14:08:58.086000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-8738date:2018-10-30T00:00:00
db:BIDid:9699date:2009-07-12T03:06:00
db:JVNDBid:JVNDB-2004-000941date:2024-06-07T09:02:00
db:CNNVDid:CNNVD-200411-171date:2006-01-30T00:00:00
db:NVDid:CVE-2004-0308date:2018-10-30T16:26:17.390

SOURCES RELEASE DATE

db:VULHUBid:VHN-8738date:2004-11-24T00:00:00
db:BIDid:9699date:2004-02-19T00:00:00
db:JVNDBid:JVNDB-2004-000941date:2024-06-07T00:00:00
db:CNNVDid:CNNVD-200411-171date:2004-02-19T00:00:00
db:NVDid:CVE-2004-0308date:2004-11-24T05:00:00