Cisco ONS 15000 Superuser Account Lock Bypass

2004-02-19T06:35:13
ID OSVDB:4010
Type osvdb
Reporter OSVDB
Modified 2004-02-19T06:35:13

Description

Vulnerability Description

Cisco ONS 15000 series contains a flaw that may allow a malicious user to gain unauthorized access. The issue is triggered because a superuser whose account has been locked out is still able to telnet to the device and log in. It is possible that the flaw may allow unauthorized access resulting in a loss of confidentiality, integrity, and/or availability.

Solution Description

Upgrade to the version indicated in the vendor advisory or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor Specific Advisory URL
Secunia Advisory ID: 10933
Related OSVDB ID: 4008
Related OSVDB ID: 4009
Keyword: Cisco,ONS
ISS X-Force ID: 15266
CVE-2004-0308
Bugtraq ID: 9699