10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.009 Low
EPSS
Percentile
82.3%
The OmniSwitch 7700/7800 running Alcatel Operating System (AOS) version 5.1.1 has TCP port 6778 listening as a telnet server. This gives anyone access to the OmniSwitch’s Vx-Works operating system without requiring a password.
During an NMAP audit of the AOS 5.1.1 code that runs on the Alcatel OmniSwitch 7700/7800 LAN switches, it was determined a telnet server was listening on TCP port number 6778. This was used during development to access the Wind River Vx-Works operating system. Due to an oversight, this access was not removed prior to product release.
Anyone running NMAP on AOS 5.1.1 will see port 6778 listening. The attacker is able to telnet to the port and access the OmniSwitch operating system without a password. This backdoor compromises the entire system.
181721
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Updated: November 20, 2002
Affected
Please see VU#181721.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23181721 Feedback>).
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
Thanks to Alcatel for reporting this vulnerability.
This document was written by Alcatel’s Olivier Paridaens and Jeff Hayes. This document was published by Ian A. Finlay.
CVE IDs: | CVE-2002-1272 |
---|---|
CERT Advisory: | CA-2002-32 Severity Metric: |