Cisco ONS Multiple Remote Vulnerabilities (20040219-ONS)

This script is (C) 2005-2013 Tenable Network Security, Inc.


Synopsis :

The remote Cisco device has multiple vulnerabilites.

Description :

According to its version number, the remote Cisco ONS platform has
the following vulnerabilities :

- The TFTP server allows unauthenticated access to TFTP
GET and PUT commands. An attacker may exploit this flaw
to upload or retrieve the system files of the remote
ONS platform.

- A denial of service attack may occur through the network
management port of the remote device (1080/tcp).

- Superuser accounts cannot be disabled over telnet.

See also :

http://www.nessus.org/u?d35df68b

Solution :

Apply the fixes referenced in Cisco's advisory.

Risk factor :

High / CVSS Base Score : 9.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:C)
CVSS Temporal Score : 7.3
(CVSS2#E:U/RL:W/RC:C)
Public Exploit Available : false