Details of VAR-200412-0194

ID

VAR-200412-0194

CVE

CVE-2004-1432

TITLE

Multiple Cisco ONS control cards fail to properly handle malformed TCP packets

Trust: 0.8

sources: CERT/CC: VU#800384

DESCRIPTION

Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, including 4.6(0) and 4.6(1), 4.5(x), 4.1(0) to 4.1(3), 4.0(0) to 4.0(2), and earlier versions, allows remote attackers to cause a denial of service (control card reset) via malformed (1) IP or (2) ICMP packets. A vulnerability exists in multiple control cards used by Cisco ONS devices. This vulnerability could allow a remote attacker to cause a denial-of-service condition. Most of the reported issues are related to handling of malformed packets, resulting in a denial of service condition. However, an authentication bypass vulnerability has also been reported to affect some platforms. Attackers can send malformed IP, ICMP, TCP and UDP packets to cause XTC, TCC/TCC+/TCC2 and TCCi/TCC2 control cards to reboot. Repeated issuance of these malformed packets can cause the control card to stop responding to normal services. The CSCee27329 (passwd) vulnerability is that if the account is set with an empty password, then the device can be successfully authenticated by using a password exceeding 10 characters to log in to the device. This vulnerability only affects the TL1 login interface. The CTC login interface is not affected by this vulnerability

Trust: 6.3

sources: NVD: CVE-2004-1432 // CERT/CC: VU#800384 // CERT/CC: VU#969344 // CERT/CC: VU#918920 // CERT/CC: VU#277048 // CERT/CC: VU#486224 // CERT/CC: VU#548968 // CERT/CC: VU#760432 // BID: 10768 // VULHUB: VHN-9862

AFFECTED PRODUCTS

vendor:	cisco	model:	-	scope:	-	version:	-	Trust: 5.6
vendor:	cisco	model:	optical networking systems software	scope:	eq	version:	4.0\(0\)	Trust: 1.0
vendor:	cisco	model:	optical networking systems software	scope:	eq	version:	4.0\(1\)	Trust: 1.0
vendor:	cisco	model:	optical networking systems software	scope:	eq	version:	1.1\(0\)	Trust: 1.0
vendor:	cisco	model:	optical networking systems software	scope:	eq	version:	4.5	Trust: 1.0
vendor:	cisco	model:	optical networking systems software	scope:	eq	version:	1.1\(1\)	Trust: 1.0
vendor:	cisco	model:	optical networking systems software	scope:	eq	version:	4.0.0	Trust: 1.0
vendor:	cisco	model:	optical networking systems software	scope:	eq	version:	4.1\(1\)	Trust: 1.0
vendor:	cisco	model:	optical networking systems software	scope:	eq	version:	4.1\(3\)	Trust: 1.0
vendor:	cisco	model:	optical networking systems software	scope:	eq	version:	3.3.0	Trust: 1.0
vendor:	cisco	model:	optical networking systems software	scope:	eq	version:	4.6\(0\)	Trust: 1.0
vendor:	cisco	model:	optical networking systems software	scope:	eq	version:	1.1	Trust: 1.0
vendor:	cisco	model:	optical networking systems software	scope:	eq	version:	4.1\(2\)	Trust: 1.0
vendor:	cisco	model:	optical networking systems software	scope:	eq	version:	3.2.0	Trust: 1.0
vendor:	cisco	model:	optical networking systems software	scope:	eq	version:	3.2	Trust: 1.0
vendor:	cisco	model:	optical networking systems software	scope:	eq	version:	2.3\(5\)	Trust: 1.0
vendor:	cisco	model:	optical networking systems software	scope:	eq	version:	4.0\(2\)	Trust: 1.0
vendor:	cisco	model:	optical networking systems software	scope:	eq	version:	1.3\(0\)	Trust: 1.0
vendor:	cisco	model:	optical networking systems software	scope:	eq	version:	4.6\(1\)	Trust: 1.0
vendor:	cisco	model:	optical networking systems software	scope:	eq	version:	1.0	Trust: 1.0
vendor:	cisco	model:	optical networking systems software	scope:	eq	version:	4.1\(0\)	Trust: 1.0
vendor:	cisco	model:	optical networking systems software	scope:	eq	version:	3.0	Trust: 1.0
vendor:	cisco	model:	optical networking systems software	scope:	eq	version:	3.1.0	Trust: 1.0
vendor:	cisco	model:	optical networking systems software	scope:	eq	version:	3.4.0	Trust: 1.0
vendor:	cisco	model:	ons 15327	scope:	eq	version:	4.0\(1\)	Trust: 0.6
vendor:	cisco	model:	ons 15327	scope:	eq	version:	3.1	Trust: 0.6
vendor:	cisco	model:	ons 15327	scope:	eq	version:	4.1\(1\)	Trust: 0.6
vendor:	cisco	model:	ons 15327	scope:	eq	version:	4.1\(0\)	Trust: 0.6
vendor:	cisco	model:	ons 15327	scope:	eq	version:	3.2	Trust: 0.6
vendor:	cisco	model:	ons 15327	scope:	eq	version:	4.0\(2\)	Trust: 0.6
vendor:	cisco	model:	ons 15327	scope:	eq	version:	4.0	Trust: 0.6
vendor:	cisco	model:	ons 15327	scope:	eq	version:	3.0	Trust: 0.6
vendor:	cisco	model:	ons 15327	scope:	eq	version:	3.4	Trust: 0.6
vendor:	cisco	model:	ons 15327	scope:	eq	version:	3.3	Trust: 0.6
vendor:	cisco	model:	ons	scope:	eq	version:	156001.3(0)	Trust: 0.3
vendor:	cisco	model:	ons	scope:	eq	version:	156001.1(1)	Trust: 0.3
vendor:	cisco	model:	ons	scope:	eq	version:	156001.1(0)	Trust: 0.3
vendor:	cisco	model:	ons	scope:	eq	version:	156001.1	Trust: 0.3
vendor:	cisco	model:	ons	scope:	eq	version:	156001.0	Trust: 0.3
vendor:	cisco	model:	ons 15454sdh	scope:	eq	version:	4.6(1)	Trust: 0.3
vendor:	cisco	model:	ons 15454sdh	scope:	eq	version:	4.6(0)	Trust: 0.3
vendor:	cisco	model:	ons 15454sdh	scope:	eq	version:	4.5	Trust: 0.3
vendor:	cisco	model:	ons 15454sdh	scope:	eq	version:	4.1(3)	Trust: 0.3
vendor:	cisco	model:	ons 15454sdh	scope:	eq	version:	4.1(2)	Trust: 0.3
vendor:	cisco	model:	ons 15454sdh	scope:	eq	version:	4.1(1)	Trust: 0.3
vendor:	cisco	model:	ons 15454sdh	scope:	eq	version:	4.1(0)	Trust: 0.3
vendor:	cisco	model:	ons 15454sdh	scope:	eq	version:	4.0(2)	Trust: 0.3
vendor:	cisco	model:	ons 15454sdh	scope:	eq	version:	4.0(1)	Trust: 0.3
vendor:	cisco	model:	ons 15454sdh	scope:	eq	version:	4.0(0)	Trust: 0.3
vendor:	cisco	model:	ons 15454sdh	scope:	eq	version:	3.4	Trust: 0.3
vendor:	cisco	model:	ons 15454sdh	scope:	eq	version:	3.3	Trust: 0.3
vendor:	cisco	model:	ons 15454sdh	scope:	eq	version:	3.2	Trust: 0.3
vendor:	cisco	model:	ons 15454sdh	scope:	eq	version:	3.1	Trust: 0.3
vendor:	cisco	model:	ons 15454sdh	scope:	eq	version:	2.3(5)	Trust: 0.3
vendor:	cisco	model:	ons optical transport platform	scope:	eq	version:	154544.6(1)	Trust: 0.3
vendor:	cisco	model:	ons optical transport platform	scope:	eq	version:	154544.6(0)	Trust: 0.3
vendor:	cisco	model:	ons optical transport platform	scope:	eq	version:	154544.5	Trust: 0.3
vendor:	cisco	model:	ons optical transport platform	scope:	eq	version:	154544.1(3)	Trust: 0.3
vendor:	cisco	model:	ons optical transport platform	scope:	eq	version:	154544.1(2)	Trust: 0.3
vendor:	cisco	model:	ons optical transport platform	scope:	eq	version:	154544.1(1)	Trust: 0.3
vendor:	cisco	model:	ons optical transport platform	scope:	eq	version:	154544.1(0)	Trust: 0.3
vendor:	cisco	model:	ons optical transport platform	scope:	eq	version:	154544.0(2)	Trust: 0.3
vendor:	cisco	model:	ons optical transport platform	scope:	eq	version:	154544.0(1)	Trust: 0.3
vendor:	cisco	model:	ons optical transport platform	scope:	eq	version:	154544.0	Trust: 0.3
vendor:	cisco	model:	ons optical transport platform	scope:	eq	version:	154543.4	Trust: 0.3
vendor:	cisco	model:	ons optical transport platform	scope:	eq	version:	154543.3	Trust: 0.3
vendor:	cisco	model:	ons optical transport platform	scope:	eq	version:	154543.2.0	Trust: 0.3
vendor:	cisco	model:	ons optical transport platform	scope:	eq	version:	154543.1.0	Trust: 0.3
vendor:	cisco	model:	ons optical transport platform	scope:	eq	version:	154543.0	Trust: 0.3
vendor:	cisco	model:	ons optical transport platform	scope:	eq	version:	154542.3(5)	Trust: 0.3
vendor:	cisco	model:	ons	scope:	eq	version:	153274.6(1)	Trust: 0.3
vendor:	cisco	model:	ons	scope:	eq	version:	153274.6(0)	Trust: 0.3
vendor:	cisco	model:	ons	scope:	eq	version:	153274.1(3)	Trust: 0.3
vendor:	cisco	model:	ons	scope:	eq	version:	153274.1(2)	Trust: 0.3
vendor:	cisco	model:	ons	scope:	eq	version:	153274.1(1)	Trust: 0.3
vendor:	cisco	model:	ons	scope:	eq	version:	153274.1(0)	Trust: 0.3
vendor:	cisco	model:	ons	scope:	eq	version:	153274.0(2)	Trust: 0.3
vendor:	cisco	model:	ons	scope:	eq	version:	153274.0(1)	Trust: 0.3
vendor:	cisco	model:	ons	scope:	eq	version:	153274.0	Trust: 0.3
vendor:	cisco	model:	ons	scope:	eq	version:	153273.4	Trust: 0.3
vendor:	cisco	model:	ons	scope:	eq	version:	153273.3	Trust: 0.3
vendor:	cisco	model:	ons	scope:	eq	version:	153273.2	Trust: 0.3
vendor:	cisco	model:	ons	scope:	eq	version:	153273.1	Trust: 0.3
vendor:	cisco	model:	ons	scope:	eq	version:	153273.0	Trust: 0.3

sources: CERT/CC: VU#800384 // CERT/CC: VU#969344 // CERT/CC: VU#918920 // CERT/CC: VU#277048 // CERT/CC: VU#486224 // CERT/CC: VU#548968 // CERT/CC: VU#760432 // BID: 10768 // CNNVD: CNNVD-200412-429 // NVD: CVE-2004-1432

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2004-1432
value:	MEDIUM
Trust: 1.0
CARNEGIE MELLON:	VU#800384
value:	8.03
Trust: 0.8
CARNEGIE MELLON:	VU#969344
value:	8.03
Trust: 0.8
CARNEGIE MELLON:	VU#918920
value:	8.03
Trust: 0.8
CARNEGIE MELLON:	VU#277048
value:	8.03
Trust: 0.8
CARNEGIE MELLON:	VU#486224
value:	8.03
Trust: 0.8
CARNEGIE MELLON:	VU#548968
value:	8.03
Trust: 0.8
CARNEGIE MELLON:	VU#760432
value:	7.09
Trust: 0.8
CNNVD:	CNNVD-200412-429
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-9862
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2004-1432
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-9862
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#800384 // CERT/CC: VU#969344 // CERT/CC: VU#918920 // CERT/CC: VU#277048 // CERT/CC: VU#486224 // CERT/CC: VU#548968 // CERT/CC: VU#760432 // VULHUB: VHN-9862 // CNNVD: CNNVD-200412-429 // NVD: CVE-2004-1432

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2004-1432

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200412-429

TYPE

Unknown

Trust: 0.9

sources: BID: 10768 // CNNVD: CNNVD-200412-429

EXTERNAL IDS

db:	SECUNIA	id:	12117	Trust: 7.3
db:	SECTRACK	id:	1010749	Trust: 4.8
db:	CERT/CC	id:	VU#969344	Trust: 2.5
db:	CERT/CC	id:	VU#918920	Trust: 2.5
db:	BID	id:	10768	Trust: 2.0
db:	NVD	id:	CVE-2004-1432	Trust: 1.7
db:	CERT/CC	id:	VU#800384	Trust: 0.8
db:	CERT/CC	id:	VU#277048	Trust: 0.8
db:	CERT/CC	id:	VU#486224	Trust: 0.8
db:	CERT/CC	id:	VU#548968	Trust: 0.8
db:	SECTRACK	id:	1010748	Trust: 0.8
db:	CERT/CC	id:	VU#760432	Trust: 0.8
db:	CNNVD	id:	CNNVD-200412-429	Trust: 0.7
db:	XF	id:	16761	Trust: 0.6
db:	XF	id:	16760	Trust: 0.6
db:	NSFOCUS	id:	6737	Trust: 0.6
db:	CISCO	id:	20040721 CISCO ONS 15327, ONS 15454, ONS 15454 SDH, AND ONS 15600 MALFORMED PACKET VULNERABILITIES	Trust: 0.6
db:	VULHUB	id:	VHN-9862	Trust: 0.1

sources: CERT/CC: VU#800384 // CERT/CC: VU#969344 // CERT/CC: VU#918920 // CERT/CC: VU#277048 // CERT/CC: VU#486224 // CERT/CC: VU#548968 // CERT/CC: VU#760432 // VULHUB: VHN-9862 // BID: 10768 // CNNVD: CNNVD-200412-429 // NVD: CVE-2004-1432

REFERENCES

url:	http://www.cisco.com/warp/public/707/cisco-sa-20040721-ons.shtml	Trust: 7.6
url:	http://www.cisco.com/en/us/products/hw/optical/	Trust: 5.6
url:	http://secunia.com/advisories/12117/	Trust: 5.6
url:	http://www.securitytracker.com/alerts/2004/jul/1010749.html	Trust: 4.8
url:	http://www.securityfocus.com/bid/10768	Trust: 1.7
url:	http://www.kb.cert.org/vuls/id/918920	Trust: 1.7
url:	http://www.kb.cert.org/vuls/id/969344	Trust: 1.7
url:	http://secunia.com/advisories/12117	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/16761	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/16760	Trust: 1.1
url:	http://www.tl1.com/library/tl1/tl1_protocol/	Trust: 0.8
url:	http://www.cisco.com/en/us/products/hw/optical/ps2006/products_installation_and_configuration_guide_chapter09186a00800917bc.html	Trust: 0.8
url:	http://www.securitytracker.com/alerts/2004/jul/1010748.html	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/16761	Trust: 0.6
url:	http://xforce.iss.net/xforce/xfdb/16760	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/6737	Trust: 0.6

sources: CERT/CC: VU#800384 // CERT/CC: VU#969344 // CERT/CC: VU#918920 // CERT/CC: VU#277048 // CERT/CC: VU#486224 // CERT/CC: VU#548968 // CERT/CC: VU#760432 // VULHUB: VHN-9862 // BID: 10768 // CNNVD: CNNVD-200412-429 // NVD: CVE-2004-1432

CREDITS

Cisco PSIRT※ psirt@cisco.com

Trust: 0.6

sources: CNNVD: CNNVD-200412-429

SOURCES

db:	CERT/CC	id:	VU#800384
db:	CERT/CC	id:	VU#969344
db:	CERT/CC	id:	VU#918920
db:	CERT/CC	id:	VU#277048
db:	CERT/CC	id:	VU#486224
db:	CERT/CC	id:	VU#548968
db:	CERT/CC	id:	VU#760432
db:	VULHUB	id:	VHN-9862
db:	BID	id:	10768
db:	CNNVD	id:	CNNVD-200412-429
db:	NVD	id:	CVE-2004-1432

LAST UPDATE DATE

2024-08-14T13:09:47.351000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#800384	date:	2004-08-05T00:00:00
db:	CERT/CC	id:	VU#969344	date:	2004-08-05T00:00:00
db:	CERT/CC	id:	VU#918920	date:	2004-08-05T00:00:00
db:	CERT/CC	id:	VU#277048	date:	2004-08-05T00:00:00
db:	CERT/CC	id:	VU#486224	date:	2004-08-05T00:00:00
db:	CERT/CC	id:	VU#548968	date:	2004-08-05T00:00:00
db:	CERT/CC	id:	VU#760432	date:	2004-08-05T00:00:00
db:	VULHUB	id:	VHN-9862	date:	2018-10-30T00:00:00
db:	BID	id:	10768	date:	2004-07-21T00:00:00
db:	CNNVD	id:	CNNVD-200412-429	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2004-1432	date:	2018-10-30T16:26:17.480

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#800384	date:	2004-07-27T00:00:00
db:	CERT/CC	id:	VU#969344	date:	2004-07-27T00:00:00
db:	CERT/CC	id:	VU#918920	date:	2004-07-27T00:00:00
db:	CERT/CC	id:	VU#277048	date:	2004-07-27T00:00:00
db:	CERT/CC	id:	VU#486224	date:	2004-07-27T00:00:00
db:	CERT/CC	id:	VU#548968	date:	2004-07-27T00:00:00
db:	CERT/CC	id:	VU#760432	date:	2004-07-27T00:00:00
db:	VULHUB	id:	VHN-9862	date:	2004-12-31T00:00:00
db:	BID	id:	10768	date:	2004-07-21T00:00:00
db:	CNNVD	id:	CNNVD-200412-429	date:	2004-07-21T00:00:00
db:	NVD	id:	CVE-2004-1432	date:	2004-12-31T05:00:00