 Cisco ONS Devices Grant Remote Users Access Via TFTP and Can Also Be Reset
Category: Vulnerability
Posted: 2004-02-24 by ReCall
Description: Several vulnerabilities were reported in the Cisco ONS 15327, 15454, 15454 SDH, and 15600 devices. A remote user can view and upload information to the controller card. A remote user can cause the controller card to reset.

It is reported that a remote user can connect to the TFTP service on UDP port 69 and execute GET and PUT commands. A remote user can reportedly retrieve ONS system files on the active TCC in the /flash0 or /flash1 directories. A remote user can cause denial of service conditions by uploading corrupt ONS system files to the controller card, the report said.

Cisco has assigned bug ID CSCec17308 to this issue on the Cisco ONS 15327, ONS 15454 and ONS 15454 SDH, and Cisco bug ID CSCec19124 to this issue on the Cisco ONS 15600 hardware.

It is also reported that a remote user can connect to TCP port 1080 and, by failing to send the final ACK of the TCP handshake, cause a denial of service on the Cisco ONS 15327, ONS 15454, and ONS 15454 SDH devices. This will cause the controller card to reset. On the Cisco ONS 15454, ONS 15327, and ONS 15454 SDH hardware, traffic will be temporarily dropped from the synchronous data channels while both the active and standby control cards are rebooting. Cisco has assigned bug ID CSCec17406 to this vulnerability.
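
The two network-facing issues above (TFTP GET and PUT on UDP port 69, and the unfinished handshake on TCP port 1080) can be watched for in traffic captured in front of the controller cards. The Python below is an added example, not code from the original report or from Cisco; the management subnet, the addresses and the file names are constructed assumptions.

```python
import ipaddress

MGMT_NET = ipaddress.ip_network("10.10.0.0/24")  # assumption: permitted management subnet
FLASH_DIRS = ("/flash0", "/flash1")               # directories named in the report
TFTP_OPS = {1: "GET", 2: "PUT"}                   # RFC 1350 RRQ / WRQ opcodes

def parse_tftp_request(payload):
    """Return (operation, filename) for a TFTP read/write request, else None."""
    opcode = int.from_bytes(payload[:2], "big")
    name, sep, _mode = payload[2:].partition(b"\x00")
    if opcode not in TFTP_OPS or not sep or not name:
        return None  # DATA/ACK/ERROR packet, or a malformed request
    return TFTP_OPS[opcode], name.decode("ascii", "replace")

def review_tftp(src, payload):
    """Return a finding for a TFTP request from outside MGMT_NET, else None."""
    req = parse_tftp_request(payload)
    if req is None or ipaddress.ip_address(src) in MGMT_NET:
        return None
    op, name = req
    impact = "system file upload" if op == "PUT" else "file disclosure"
    scope = "flash" if name.startswith(FLASH_DIRS) else "other path"
    return f"{impact}: {op} {name} from {src} ({scope})"

def incomplete_handshakes(packets, port=1080):
    """Return client (ip, port) pairs that got a SYN-ACK from `port` but never ACKed."""
    pending = []
    for src, sport, dst, dport, flags in packets:  # records in capture order
        if flags == "SA" and sport == port and (dst, dport) not in pending:
            pending.append((dst, dport))           # controller answered a SYN
        elif "A" in flags and "S" not in flags and dport == port and (src, sport) in pending:
            pending.remove((src, sport))           # client finished the handshake
    return pending

# Constructed sample traffic (documentation/private addresses), not from the report.
SAMPLE_TFTP = [
    ("10.10.0.5", b"\x00\x01/flash0/example.cfg\x00octet\x00"),
    ("198.51.100.7", b"\x00\x02/flash1/example.bin\x00octet\x00"),
]
SAMPLE_TCP = [
    ("198.51.100.7", 40001, "10.10.1.2", 1080, "S"),
    ("10.10.1.2", 1080, "198.51.100.7", 40001, "SA"),
    ("10.10.0.5", 40002, "10.10.1.2", 1080, "S"),
    ("10.10.1.2", 1080, "10.10.0.5", 40002, "SA"),
    ("10.10.0.5", 40002, "10.10.1.2", 1080, "A"),
]
if __name__ == "__main__":
    print([f for s, p in SAMPLE_TFTP if (f := review_tftp(s, p))])
    print(incomplete_handshakes(SAMPLE_TCP))
```

A handshake still pending at the end of a capture may simply be in flight, so apply a timeout before treating it as a finding.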

It is also reported that a remote user can connect to the telnet port and access a superuser account that has been locked out, disabled, or suspended by using the previously configured password for the account. Cisco has assigned bug ID CSCec66884 to this issue on the Cisco ONS 15327, ONS 15454 and ONS 15454 SDH, and Cisco bug ID CSCec71157 to this issue on the Cisco ONS 15600 hardware.

Cisco reported that the Cisco ONS 15800 series, ONS 15500 series extended service platform, ONS 15302, ONS 15305, ONS 15200 series metro DWDM systems, and the ONS 15190 series IP transport concentrator are not affected.

Also, Cisco ONS 15327 hardware running ONS Release 1.x(x) and 3.x(x) and Cisco ONS 15454 hardware running ONS Releases 2.x(x) and 3.x(x) are not affected.

Impact: A remote user can access the system via TFTP to view certain files and potentially upload malformed system files.

A remote user with previously valid authentication credentials can access the system.

A remote user can cause the controller card to reset. In certain cases, network traffic may be affected.

Solution: Cisco ONS Release 4.6(0) is reportedly not affected by these vulnerabilities, but the vendor recommends that you upgrade to Cisco ONS release 4.6(1).

Upgrade procedures for the Cisco ONS 15327 hardware are available at:

http://www.cisco.com/univercd/cc/td/doc/product/ong/15327/327doc41/index.htm

Upgrade procedures for the Cisco ONS 15454 hardware are available at:

http://www.cisco.com/univercd/cc/td/doc/product/ong/15400/r46docs/index.htm

Upgrade procedures for the Cisco ONS 15600 hardware are available at:

http://cisco.com/univercd/cc/td/doc/product/ong/15600/index.htm
 