Alcatel Operating System (AOS) does not require a password for accessing the telnet server

Overview

The OmniSwitch 7700/7800 running Alcatel Operating System (AOS) version 5.1.1 has TCP port 6778 listening as a telnet server. This gives anyone access to the OmniSwitch’s Vx-Works operating system without requiring a password.

Description

During an NMAP audit of the AOS 5.1.1 code that runs on the Alcatel OmniSwitch 7700/7800 LAN switches, it was determined a telnet server was listening on TCP port number 6778. This was used during development to access the Wind River Vx-Works operating system. Due to an oversight, this access was not removed prior to product release.

---

Impact

Anyone running NMAP on AOS 5.1.1 will see port 6778 listening. The attacker is able to telnet to the port and access the OmniSwitch operating system without a password. This backdoor compromises the entire system.

---

Solution

1. Immediate - create an ACL blocking all access to TCP port 6778.
2. Short-term - Alcatel Customer Support has updated code that removes this backdoor. This fix is part of AOS 5.1.1.R02 and AOS 5.1.1.R03. Contact Customer Support for this updated code.
3. Permanent - the generally available AOS code–the code that ships with each OmniSwitch–will have this vulnerability removed as of AOS 5.1.3.

---

Vendor Information

181721

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Alcatel __ Affected

Updated: November 20, 2002

Status

Affected

Vendor Statement

Please see VU#181721.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23181721 Feedback>).

CVSS Metrics

Group	Score	Vector
Base
Temporal
Environmental

References

• <http://www.alcatel.com/support&gt;
• <http://www.ind.alcatel.com/nextgen/OmniSwitch_7000_brief.pdf&gt;
• <http://www.ind.alcatel.com/specs/index.cfm?cnt=7000&gt;

Acknowledgements

Thanks to Alcatel for reporting this vulnerability.

This document was written by Alcatel’s Olivier Paridaens and Jeff Hayes. This document was published by Ian A. Finlay.

Other Information

CVE IDs:	CVE-2002-1272
CERT Advisory:	CA-2002-32 Severity Metric: