CPE Details
Cisco Optical Networking Systems Software (ONS) 3.2
3.2
2010-12-28
16h30 +00:00
16h30 +00:00
2010-12-28
16h30 +00:00
16h30 +00:00
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
CPE Name: cpe:2.3:a:cisco:optical_networking_systems_software:3.2:*:*:*:*:*:*:*
Informations
Vendor
ciscoProduct
optical_networking_systems_softwareVersion
3.2Related CVE
| CVE ID | Publié | Description | Score | Gravité |
|---|---|---|---|---|
| Control cards for Cisco Optical Networking System (ONS) 15000 series nodes before 20060405 allow remote attackers to cause a denial of service (memory exhaustion and possibly card reset) by sending an invalid response when the final ACK is expected, aka bug ID CSCei45910. | 7.8 |
|||
| Control cards for Cisco Optical Networking System (ONS) 15000 series nodes before 20060405 allow remote attackers to cause a denial of service (card reset) via (1) a "crafted" IP packet to a device with secure mode EMS-to-network-element access, aka bug ID CSCsc51390; (2) a "crafted" IP packet to a device with IP on the LAN interface, aka bug ID CSCsd04168; and (3) a "malformed" OSPF packet, aka bug ID CSCsc54558. | 5 |
|||
| The installation of Cisco Transport Controller (CTC) for Cisco Optical Networking System (ONS) 15000 series nodes adds a Java policy file entry with a wildcard that grants the java.security.AllPermission permission to any http URL containing "fs/LAUNCHER.jar", which allows remote attackers to execute arbitrary code on a CTC workstation, aka bug ID CSCea25049. | 7.5 |
|||
| Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, including 4.6(0) and 4.6(1), 4.5(x), 4.1(0) to 4.1(3), 4.0(0) to 4.0(2), and earlier versions, allows remote attackers to cause a denial of service (control card reset) via malformed (1) IP or (2) ICMP packets. | 5 |
|||
| Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, including 4.6(0) and 4.6(1), 4.5(x), 4.1(0) to 4.1(3), 4.0(0) to 4.0(2), and earlier versions, and ONS 15600 1.x(x), allows remote attackers to cause a denial of service (control card reset) via malformed (1) TCP and (2) UDP packets. | 5 |
|||
| Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, including 4.1(0) to 4.1(2), 4.5(x), 4.0(0) to 4.0(2), and earlier versions, allows remote attackers to cause a denial of service (control card reset) via malformed SNMP packets. | 5 |
|||
| Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, including 4.6(0) and 4.6(1), 4.5(x), 4.1(0) to 4.1(3), 4.0(0) to 4.0(2), and earlier versions, allows remote attackers to cause a denial of service (control card reset) via a large number of TCP connections with an invalid response instead of the final ACK (TCP-ACK). | 5 |
|||
| The Transaction Language 1 (TL1) login interface in Cisco ONS 15327 4.6(0) and 4.6(1) and 15454 and 15454 SDH 4.6(0) and 4.6(1), when a user account is configured with a blank password, allows remote attackers to gain unauthorized access by logging in with a password larger than 10 characters. | 7.5 |
|||
| Cisco ONS15454 and ONS15327 running ONS before 3.4 allows remote attackers to modify the system configuration and delete files by establishing an FTP connection to the TCC, TCC+ or XTC using a username and password that does not exist. | 7.5 |
|||
| Cisco ONS15454 and ONS15327 running ONS before 3.4 stores usernames and passwords in cleartext in the image database for the TCC, TCC+ or XTC, which could allow attackers to gain privileges by obtaining the passwords from the image database or a backup. | 4.6 |
|||
| Cisco ONS15454 and ONS15327 running ONS before 3.4 uses a "public" SNMP community string that cannot be changed, which allows remote attackers to obtain sensitive information. | 5 |
|||
| Cisco ONS15454 and ONS15327 running ONS before 3.4 allows attackers to cause a denial of service (reset) via an HTTP request to the TCC, TCC+ or XTC, in which the request contains an invalid CORBA Interoperable Object Reference (IOR). | 5 |
|||
| Cisco ONS15454 and ONS15327 running ONS before 3.4 allows attackers to cause a denial of service (reset to TCC, TCC+, TCCi or XTC) via a malformed HTTP request that does not contain a leading / (slash) character. | 5 |
|||
| Cisco ONS15454 and ONS15327 running ONS before 3.4 have an account for the VxWorks Operating System in the TCC, TCC+ and XTC that cannot be changed or disabled, which allows remote attackers to gain privileges by connecting to the account via Telnet. | 10 |
Les informations affichées sur CVE Find proviennent de plusieurs sources de référence rigoureusement sélectionnées. Les données CVE sont fournies par MITRE Corporation et la National Vulnerability Database (NVD). Le catalogue des vulnérabilités activement exploitées (KEV) provient de la Cybersecurity and Infrastructure Security Agency (CISA), tandis que les scores EPSS sont issus de FIRST.org. Enfin, les données relatives aux faiblesses logicielles (CWE) et aux schémas d'attaque courants (CAPEC)
sont maintenues par MITRE Corporation, et les informations sur les configurations
logicielles et matérielles (CPE) proviennent du NVD.