Vulnerability CVE-2004-0306
Published: 2004-11-23   Modified: 2012-02-12

Description:
Cisco ONS 15327 before 4.1(3), ONS 15454 before 4.6(1), ONS 15454 SD before 4.1(3), and Cisco ONS 15600 before 1.3(0) enable TFTP service on UDP port 69 by default, which allows remote attackers to GET or PUT ONS system files on the current active TCC in the /flash0 or /flash1 directories.

Type:

CWE-Other

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None
Affected software
Cisco -> Ons 15327 
Cisco -> Ons 15454 optical transport platform 
Cisco -> Ons 15454sdh 
Cisco -> Ons 15600 
Cisco -> Optical networking systems software 

 References:
http://www.cisco.com/warp/public/707/cisco-sa-20040219-ONS.shtml
http://www.securityfocus.com/bid/9699
https://exchange.xforce.ibmcloud.com/vulnerabilities/15264
Copyright 2024, cxsecurity.com

 

Back to Top