Vulnerability Details CVE-2002-1554
Cisco ONS15454 and ONS15327 running ONS before 3.4 stores usernames and passwords in cleartext in the image database for the TCC, TCC+ or XTC, which could allow attackers to gain privileges by obtaining the passwords from the image database or a backup.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 30.1%
CVSS Severity
CVSS v2 Score 4.6
References
- http://www.cisco.com/warp/public/707/ons-multiple-vuln-pub.shtml
- http://www.iss.net/security_center/static/10506.php
- http://www.securityfocus.com/bid/6078
- http://www.cisco.com/warp/public/707/ons-multiple-vuln-pub.shtml
- http://www.iss.net/security_center/static/10506.php
- http://www.securityfocus.com/bid/6078
Products affected by CVE-2002-1554
-
cpe:2.3:a:cisco:optical_networking_systems_software:3.0
-
cpe:2.3:a:cisco:optical_networking_systems_software:3.1.0
-
cpe:2.3:a:cisco:optical_networking_systems_software:3.2
-
cpe:2.3:a:cisco:optical_networking_systems_software:3.2.0
-
cpe:2.3:a:cisco:optical_networking_systems_software:3.3.0