[email protected]CVE-2006-1672

HistoryApr 07, 2006 - 10:04 a.m.

CVE-2006-1672

2006-04-0710:04:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cisco

transport controller

ctc

optical networking system

ons 15000

remote code execution

http

url

fs/launcher.jar

vulnerability

security

nvd

7.9 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.132 Low

EPSS

Percentile

95.5%

JSON

The installation of Cisco Transport Controller (CTC) for Cisco Optical Networking System (ONS) 15000 series nodes adds a Java policy file entry with a wildcard that grants the java.security.AllPermission permission to any http URL containing “fs/LAUNCHER.jar”, which allows remote attackers to execute arbitrary code on a CTC workstation, aka bug ID CSCea25049.

CPENameOperatorVersion
cisco:transport_controllercisco transport controllereq4.0.x
cisco:ons_15454_msppcisco ons 15454 msppeq*
cisco:ons_15600cisco ons 15600eq0
cisco:ons_15310-cl_seriescisco ons 15310-cl serieseq0
cisco:optical_networking_systems_softwarecisco optical networking systems softwareeq3.2
cisco:optical_networking_systems_softwarecisco optical networking systems softwareeq3.3.0
cisco:optical_networking_systems_softwarecisco optical networking systems softwareeq3.4.0
cisco:optical_networking_systems_softwarecisco optical networking systems softwareeq4.0.0
cisco:optical_networking_systems_softwarecisco optical networking systems softwareeq3.1.0
cisco:optical_networking_systems_softwarecisco optical networking systems softwareeq4.6\(1\)

CPE	Name	Operator	Version
cisco:transport_controller	cisco transport controller	eq	4.0.x
cisco:ons_15454_mspp	cisco ons 15454 mspp	eq	*
cisco:ons_15600	cisco ons 15600	eq	0
cisco:ons_15310-cl_series	cisco ons 15310-cl series	eq	0
cisco:optical_networking_systems_software	cisco optical networking systems software	eq	3.2
cisco:optical_networking_systems_software	cisco optical networking systems software	eq	3.3.0
cisco:optical_networking_systems_software	cisco optical networking systems software	eq	3.4.0
cisco:optical_networking_systems_software	cisco optical networking systems software	eq	4.0.0
cisco:optical_networking_systems_software	cisco optical networking systems software	eq	3.1.0
cisco:optical_networking_systems_software	cisco optical networking systems software	eq	4.6\(1\)

Rows per page:

1-10 of 241

References

secunia.com/advisories/19553

securitytracker.com/id?1015871

www.cisco.com/warp/public/707/cisco-sa-20060405-ons.shtml

www.osvdb.org/24438

www.securityfocus.com/bid/17384

www.vupen.com/english/advisories/2006/1256

exchange.xforce.ibmcloud.com/vulnerabilities/25647

7.9 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.132 Low

EPSS

Percentile

95.5%

JSON

Related for CVE-2006-1672

prion1 cvelist1 cisco1