Vulnerability Name: CVE-2004-0308 (CCN-15266) Assigned: 2004-02-19 Published: 2004-02-19 Updated: 2018-10-30 Summary: Unknown vulnerability in Cisco ONS 15327 before 4.1(3), ONS 15454 before 4.6(1), ONS 15454 SD before 4.1(3), and Cisco ONS15600 before 1.3(0) allows a superuser whose account is locked out, disabled, or suspended to gain unauthorized access via a Telnet connection to the VxWorks shell. CVSS v3 Severity: 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): ChangedImpact Metrics: Confidentiality (C): HighIntegrity (I): HighAvailibility (A): High
CVSS v2 Severity: 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAuthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
Vulnerability Type: CWE-Other Vulnerability Consequences: Gain Access References: Source: MITRECVE-2004-0308 Cisco ONS 15327, ONS 15454, ONS 15454 SDH, and ONS 15600 Vulnerabilities 20040219 Cisco ONS 15327, ONS 15454, ONS 15454 SDH, and ONS 15600 Vulnerabilities 4010 Cisco ONS 15000 Superuser Account Lock Bypass 9699 Cisco ONS Platform Vulnerabilities cisco-ons-gain-access(15266) cisco-ons-gain-access(15266) Vulnerable Configuration: Configuration 1 :cpe:/a:cisco:optical_networking_systems_software:1.0:*:*:*:*:*:*:* OR cpe:/a:cisco:optical_networking_systems_software:4.0(1):*:*:*:*:*:*:* OR cpe:/a:cisco:optical_networking_systems_software:4.0(2):*:*:*:*:*:*:* OR cpe:/a:cisco:optical_networking_systems_software:4.0.0:*:*:*:*:*:*:* OR cpe:/a:cisco:optical_networking_systems_software:4.1(0):*:*:*:*:*:*:* OR cpe:/a:cisco:optical_networking_systems_software:4.1(1):*:*:*:*:*:*:* OR cpe:/a:cisco:optical_networking_systems_software:4.1(2):*:*:*:*:*:*:* OR cpe:/a:cisco:optical_networking_systems_software:4.1(3):*:*:*:*:*:*:* OR cpe:/a:cisco:optical_networking_systems_software:4.1.0:*:*:*:*:*:*:* OR cpe:/a:cisco:optical_networking_systems_software:4.5:*:*:*:*:*:*:* BACK
cisco optical networking systems software 1.0
cisco optical networking systems software 4.0(1)
cisco optical networking systems software 4.0(2)
cisco optical networking systems software 4.0.0
cisco optical networking systems software 4.1(0)
cisco optical networking systems software 4.1(1)
cisco optical networking systems software 4.1(2)
cisco optical networking systems software 4.1(3)
cisco optical networking systems software 4.1.0
cisco optical networking systems software 4.5
Denotes that component is vulnerable