Lucene search

[email protected]CVE-2004-0306

HistoryNov 23, 2004 - 5:00 a.m.

CVE-2004-0306

2004-11-2305:00:00

[email protected]

web.nvd.nist.gov

cisco

ons

cve-2004-0306

tftp

security vulnerability

system files manipulation

remote attackers

nvd

6.9 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

73.7%

JSON

Cisco ONS 15327 before 4.1(3), ONS 15454 before 4.6(1), ONS 15454 SD before 4.1(3), and Cisco ONS 15600 before 1.3(0) enable TFTP service on UDP port 69 by default, which allows remote attackers to GET or PUT ONS system files on the current active TCC in the /flash0 or /flash1 directories.

Affected configurations

NVD

Node

ciscooptical_networking_systems_softwareMatch1.0

ciscooptical_networking_systems_softwareMatch4.0\(1\)

ciscooptical_networking_systems_softwareMatch4.0\(2\)

ciscooptical_networking_systems_softwareMatch4.0.0

ciscooptical_networking_systems_softwareMatch4.1\(0\)

ciscooptical_networking_systems_softwareMatch4.1\(1\)

ciscooptical_networking_systems_softwareMatch4.1\(2\)

ciscooptical_networking_systems_softwareMatch4.1\(3\)

ciscooptical_networking_systems_softwareMatch4.1.0

ciscooptical_networking_systems_softwareMatch4.5

CPENameOperatorVersion
cisco:optical_networking_systems_softwarecisco optical networking systems softwareeq1.0
cisco:optical_networking_systems_softwarecisco optical networking systems softwareeq4.0\(1\)
cisco:optical_networking_systems_softwarecisco optical networking systems softwareeq4.0\(2\)
cisco:optical_networking_systems_softwarecisco optical networking systems softwareeq4.0.0
cisco:optical_networking_systems_softwarecisco optical networking systems softwareeq4.1\(0\)
cisco:optical_networking_systems_softwarecisco optical networking systems softwareeq4.1\(1\)
cisco:optical_networking_systems_softwarecisco optical networking systems softwareeq4.1\(2\)
cisco:optical_networking_systems_softwarecisco optical networking systems softwareeq4.1\(3\)
cisco:optical_networking_systems_softwarecisco optical networking systems softwareeq4.1.0
cisco:optical_networking_systems_softwarecisco optical networking systems softwareeq4.5

CPE	Name	Operator	Version
cisco:optical_networking_systems_software	cisco optical networking systems software	eq	1.0
cisco:optical_networking_systems_software	cisco optical networking systems software	eq	4.0\(1\)
cisco:optical_networking_systems_software	cisco optical networking systems software	eq	4.0\(2\)
cisco:optical_networking_systems_software	cisco optical networking systems software	eq	4.0.0
cisco:optical_networking_systems_software	cisco optical networking systems software	eq	4.1\(0\)
cisco:optical_networking_systems_software	cisco optical networking systems software	eq	4.1\(1\)
cisco:optical_networking_systems_software	cisco optical networking systems software	eq	4.1\(2\)
cisco:optical_networking_systems_software	cisco optical networking systems software	eq	4.1\(3\)
cisco:optical_networking_systems_software	cisco optical networking systems software	eq	4.1.0
cisco:optical_networking_systems_software	cisco optical networking systems software	eq	4.5

References

www.cisco.com/warp/public/707/cisco-sa-20040219-ONS.shtml

www.securityfocus.com/bid/9699

exchange.xforce.ibmcloud.com/vulnerabilities/15264

6.9 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

73.7%

JSON

Related for CVE-2004-0306

nvd1 cvelist1 nessus1