Cisco ONS 15454 Transport Node Controller Denial of Service Vulnerability

An issue in the tNetTaskLimit process of the Cisco ONS 15454 Transport Node Controller (TNC) could allow an unauthenticated, remote attacker to cause the TNC to reload due to a watchdog timeout.

The issue is due to a packet processing services process missing health pings due to excessive traffic sent to the TNC during stability security testing and the TNC reset due to a watchdog timeout. An attacker could exploit this issue by sending high rates of data traffic to the TNC. An exploit could allow the attacker to trigger a reload of the TNC.

Cisco has confirmed the vulnerability in a security notice and released software updates.

To exploit this vulnerability, it is likely that an attacker would need access to trusted, internal networks where the targeted device resides to send high rates of data traffic to the device. This access requirement may reduce the likelihood of a successful exploit.

Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.