Vulnerability 25644 - CERT Civis.Net

Vulnerability Name:

CCN-25644

Published:

2006-04-05

Updated:

2006-04-05

Summary:

Multiple Cisco Optical Networking System (ONS) Multi-service Provisioning Platform (MSPP) devices are vulnerable to a denial of service attack. If IP is configured on the LAN interface, which is enabled by default, and secure mode for Element Management System (EMS) to Network Element access is enabled, a remote attacker could launch a denial of service attack. By sending specially-crafted IP packets to an affected network entity, a remote attacker could cause both control cards to reset.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Consequences:

Denial of Service

References:

Source: CCN
Type: cisco-sa-20060405-ons
Cisco Security Advisory: Cisco Optical Networking System 15000 Series and Cisco Transport Controller Vulnerabilities

Source: CCN
Type: BID-17384
Cisco Optical Networking System and Transport Controller Multiple Vulnerabilities

Source: XF
Type: UNKNOWN
cisco-ons-cc-ems-dos(25644)

Vulnerable Configuration:

Configuration CCN 1:

cpe:/o:cisco:ons_15454_mstp:*:*:*:*:*:*:*:*

OR cpe:/o:cisco:ons_15454_mspp:*:*:*:*:*:*:*:*

OR cpe:/h:cisco:ons_15327:*:*:*:*:*:*:*:*

OR cpe:/h:cisco:ons_15310-cl:*:*:*:*:*:*:*:*

OR cpe:/a:cisco:ons:7.0.2:*:*:*:*:*:*:*

Denotes that component is vulnerable

BACK