Cisco: >> Optical Networking Systems Software >> 3.3.0 Security Vulnerabilities
Cisco ONS15454 and ONS15327 running ONS before 3.4 allows remote attackers to modify the system configuration and delete files by establishing an FTP connection to the TCC, TCC+ or XTC using a username and password that does not exist.
CVSS Score
7.5
EPSS Score
0.007
Published
2003-03-31
Cisco ONS15454 and ONS15327 running ONS before 3.4 stores usernames and passwords in cleartext in the image database for the TCC, TCC+ or XTC, which could allow attackers to gain privileges by obtaining the passwords from the image database or a backup.
CVSS Score
4.6
EPSS Score
0.001
Published
2003-03-31
Cisco ONS15454 and ONS15327 running ONS before 3.4 uses a "public" SNMP community string that cannot be changed, which allows remote attackers to obtain sensitive information.
CVSS Score
5.0
EPSS Score
0.007
Published
2003-03-31
Cisco ONS15454 and ONS15327 running ONS before 3.4 allows attackers to cause a denial of service (reset) via an HTTP request to the TCC, TCC+ or XTC, in which the request contains an invalid CORBA Interoperable Object Reference (IOR).
CVSS Score
5.0
EPSS Score
0.005
Published
2003-03-31
Cisco ONS15454 and ONS15327 running ONS before 3.4 allows attackers to cause a denial of service (reset to TCC, TCC+, TCCi or XTC) via a malformed HTTP request that does not contain a leading / (slash) character.
CVSS Score
5.0
EPSS Score
0.005
Published
2003-03-31
Cisco ONS15454 and ONS15327 running ONS before 3.4 have an account for the VxWorks Operating System in the TCC, TCC+ and XTC that cannot be changed or disabled, which allows remote attackers to gain privileges by connecting to the account via Telnet.
CVSS Score
10.0
EPSS Score
0.009
Published
2003-03-31
Page 2