Cisco ONS Multiple Remote Vulnerabilities (20040219-ONS)

high Nessus Plugin ID 16202

Synopsis

The remote Cisco device has multiple vulnerabilities.

Description

According to its version number, the remote Cisco ONS platform has the following vulnerabilities:

- The TFTP server allows unauthenticated access to TFTP GET and PUT commands. An attacker may exploit this flaw to upload or retrieve the system files of the remote ONS platform.

- A denial of service attack may occur through the network management port of the remote device (1080/tcp).

- Superuser accounts cannot be disabled over telnet.

Solution

Apply the fixes referenced in Cisco's advisory.

See Also

http://www.nessus.org/u?bc4f4415

Plugin Details

Severity: High

ID: 16202

File Name: cisco_ons_platform_vulnerabilities.nasl

Version: 1.20

Type: local

Family: CISCO

Published: 1/18/2005

Updated: 11/15/2018

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9

Temporal Score: 6.7

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:C

Temporal Vector: E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/o:cisco:ons

Required KB Items: SNMP/sysDesc

Exploit Ease: No known exploits are available

Patch Publication Date: 2/19/2004

Vulnerability Publication Date: 10/31/2002

Reference Information

CVE: CVE-2002-0952, CVE-2002-1553, CVE-2002-1554, CVE-2002-1555, CVE-2002-1556, CVE-2002-1557, CVE-2002-1558, CVE-2004-0306, CVE-2004-0307, CVE-2004-0308

BID: 5058, 6073, 6076, 6078, 6081, 6082, 6083, 6084, 9699