-
Nessus exposes FTP and Telnet vulnerabilities in the Cisco ONS15454 Optical Transport Platform, the Cisco ONS15327 Edge Optical Transport Platform, the Cisco ONS15454SDH Multiplexer Platform, and the Cisco ONS15600 Multiservice Switching Platform. Cisco ONS15454 hardware running ONS Releases 3.0 through Release 3.4.1, Cisco ONS15327 and ONS15454SDH hardware running ONS Releases 3.3 through Release 3.4.1, and Cisco ONS15600 hardware running ONS Release 1.0 is affected by these vulnerabilities. Nessus is a free security scanner software available from nessus.org.
These vulnerabilities are documented as Cisco Bug IDs CSCdz83515, CSCdz83519, and CSCdz48556. There are workarounds available to mitigate the effects of these vulnerabilities.
This advisory will be posted at: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20030501-ons
-
Vulnerable Products
The following products are known to be vulnerable to this issue:
- Cisco ONS15454 hardware running ONS Releases 3.0 through Release 3.4.1
- Cisco ONS15327 and Cisco ONS15454SDH hardware running ONS Releases 3.3 through Release 3.4.1
- Cisco ONS15600 hardware running ONS Release 1.0
Products Confirmed Not Vulnerable
The following products are not affected by the issue documented in this advisory:
- Cisco ONS15454 hardware running ONS Releases 4.0 and 2.x
- Cisco ONS15327 hardware running ONS Release 4.0 and Release 1.x
- Cisco ONS15454SDH hardware running ONS Release 4.0
No other Cisco products are currently known to be affected by these vulnerabilities.
-
The affected Cisco ONS15454, ONS15327, ONS15454SDH, and ONS15600 hardware is managed via the TCC+, XTC, TCCi, and TSC control cards respectively. These control cards are usually connected to a network isolated from the Internet and local to the customer's environment. This limits the exposure to the exploitation of the vulnerabilities from the Internet.
DDTS - Description
Details
CSCdz83515 - TCC+ reboots on Nessus VxWorks FTP DoS script
By making an invalid FTP request, a person may cause the TCC+, XTC, TCCi, or TSC control cards to reset. Repeated invalid requests would cause both the control cards to be reset at the same time.
CSCdz83519 - TCC+ reboots on Nessus VxWorks binlogin overflow script
By making an invalid Telnet request, a person may cause the TCC+, XTC, TCCi, or TSC control cards to reset. Repeated invalid requests would cause both the control cards to be reset at the same time.
CSCdz48556 - TCC+ reboots due to FTP server input buffer overflow vulnerability
By making an invalid FTP request, a person may cause the TCC+, XTC, TCCi, or TSC control cards to reset. Repeated invalid requests would cause both the control cards to be reset at the same time.
These vulnerabilities are documented as Bug IDs CSCdz83515, CSCdz83519, and CSCdz48556. Details can be viewed after 2003 May 02 by accessing the Cisco Bug Toolkit (registered customers only).
The Internetworking Terms and Cisco Systems Acronyms online guides can be found at http://www.cisco.com/univercd/cc/td/doc/cisintwk/.
-
The Cisco PSIRT recommends that affected users upgrade to a fixed software version of code as soon as possible.
Use Unicast Reverse Path Forwarding and access control lists on routers and firewalls to allow only valid network management workstations to gain FTP and Telnet access to the TCC+, XTC, TCCi, or TSC control cards.
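One way to express this workaround on a Cisco IOS router in front of the control-card management LAN. This is an added example, not configuration from the advisory. The addresses (documentation ranges), the ACL name, and the interface names are assumptions to be replaced with site values.

```cisco
! Assumed addressing (constructed for illustration):
!   192.0.2.10, 192.0.2.11   valid network management workstations
!   198.51.100.0/24          subnet holding the TCC+/XTC/TCCi/TSC cards
!
ip access-list extended ONS-FTP-TELNET
 remark Permit FTP and Telnet to the control cards from management workstations only
 permit tcp host 192.0.2.10 198.51.100.0 0.0.0.255 eq ftp
 permit tcp host 192.0.2.10 198.51.100.0 0.0.0.255 eq telnet
 permit tcp host 192.0.2.11 198.51.100.0 0.0.0.255 eq ftp
 permit tcp host 192.0.2.11 198.51.100.0 0.0.0.255 eq telnet
 remark Drop and log FTP/Telnet to the control cards from every other source
 deny   tcp any 198.51.100.0 0.0.0.255 eq ftp log
 deny   tcp any 198.51.100.0 0.0.0.255 eq telnet log
 remark Other traffic stays subject to existing site policy
 permit ip any any
!
! Apply the ACL to traffic leaving the router toward the control cards.
interface GigabitEthernet0/1
 description Toward ONS control-card management LAN (assumed interface)
 ip access-group ONS-FTP-TELNET out
!
! Strict uRPF on the interface facing the workstations, so a packet that
! spoofs a permitted source address is dropped unless it arrives on the
! interface the router would use to reach that source.
interface GigabitEthernet0/0
 description Toward network management workstations (assumed interface)
 ip verify unicast source reachable-via rx
```

The `log` keyword on the deny entries records blocked FTP and Telnet attempts against the control cards, which gives operations a signal to review alongside any unexpected control-card resets.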
-
All these vulnerabilities for the ONS15454, ONS15327, and ONS15454SDH platforms are fixed in the Cisco ONS software Releases 4.0 and later for the affected platforms.
All these vulnerabilities for the ONS15600 platforms are fixed in the Cisco ONS software Release 1.1, which will be available in September 2003.
Upgrade procedures can be found as indicated below.
- The procedure to upgrade to the fixed software version on the Cisco ONS15454 hardware is detailed at http://www.cisco.com/univercd/cc/td/doc/product/ong/15400/r40docs/sftupgrd/index.htm.
- The procedure to upgrade to the fixed software version on the Cisco ONS15327 hardware is detailed at http://www.cisco.com/univercd/cc/td/doc/product/ong/15327/327doc40/index.htm.
- The procedure to upgrade to the fixed software version on the Cisco ONS15600 hardware is detailed at http://cisco.com/univercd/cc/td/doc/product/ong/15600/index.htm.
-
The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.
These vulnerabilities were reported to PSIRT by internal development testing and customers.
-
To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.
-
Revision 2.0
2003-May-28
Added CSCdz48556, another vulnerability resolved by the fixed software listed in the advisory.
Revision 1.0
2003-May-01
Initial public release.
-
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.
A stand-alone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy, and may lack important information or contain factual errors. The information in this document is intended for end-users of Cisco products.