20 matches found
CVE-2003-0567
Cisco IOS 11.x and 12.0–12.2 are affected by CVE-2003-0567. By sending a specific sequence of IPv4 packets to a router’s interface, an attacker can cause the input queue to become full and trigger a denial of service, potentially stopping traffic processing on that interface and affecting related...
CVE-2006-1671
CVE-2006-1671 affects Cisco Optical Networking System (ONS) 15000 series nodes prior to 20060405. The issue allows remote denial of service (card reset) via (1) a crafted IP packet to a device with secure mode EMS-to-network-element access, (2) a crafted IP packet to a device with IP on the LAN i...
CVE-2004-0714
Cisco IOS SNMP processing in releases 12.0S, 12.1E, 12.2, 12.2S, 12.3, 12.3B, and 12.3T contains a vulnerability in handling SNMP requests that, when exploited remotely, could cause the device to reload and potentially memory corruption. The issue is triggered by solicited SNMP operations on UDP ...
CVE-2004-1432
CVE-2004-1432 applies to Cisco ONS platforms: ONS 15327, ONS 15454, and ONS 15454 SDH across multiple releases (e.g., 4.6(0)/4.6(1), 4.5.x, 4.1(0)–4.1(3), 4.0(0)–4.0(2) and earlier). The issue allows remote attackers to cause a denial of service (control card reset) by sending malformed IP or ICM...
CVE-2006-1672
The CVE-2006-1672 entry affects Cisco Optical Networking System (ONS) 15000 series nodes via Cisco Transport Controller (CTC). A Java policy file entry is installed that grants java.security.AllPermission to any http URL containing "fs/LAUNCHER.jar", enabling remote attackers to execute arbitrary...
CVE-2002-0952
Affected product/versions: Cisco ONS15454 optical transport platform running ONS 3.1.0–3.2.0. Vulnerability: Remote attackers can cause a denial of service (reset) by sending IP packets with non‑zero TOS bits to the Timing Control Card (TCC) LAN interface. Root cause (as stated): Improper handlin...
CVE-2002-1556
Cisco ONS15454 and ONS15327 devices running ONS prior to version 3.4 are vulnerable to a denial-of-service (reset) via an HTTP request to the TCC, TCC+ or XTC that includes an invalid CORBA Interoperable Object Reference (IOR). The affected hardware/software are Cisco ONS platforms mentioned in C...
CVE-2004-0307
CVE-2004-0307 affects Cisco ONS platforms (ONS 15327 before 4.1(3); ONS 15454 before 4.6(1); ONS 15454 SD before 4.1(3)). The vulnerability allows remote attackers to trigger a denial-of-service (reset) by manipulating the TCP three-way handshake: not sending the ACK and replying with an invalid ...
CVE-2002-1554
CVE-2002-1554 affects Cisco ONS15454 and ONS15327 running ONS before 3.4. The issue is that usernames and passwords are stored in cleartext in the image database for the TCC, TCC+ or XTC, which could allow an attacker to gain privileges by extracting passwords from the image database or a backup....
CVE-2004-1433
The CVE-2004-1433 entry concerns multiple Cisco ONS platforms (ONS 15327, ONS 15454, ONS 15454 SDH across versions 4.6(0-1), 4.5.x, 4.1(0-3), 4.0(0-2), older, and ONS 15600 1.x). The issue allows remote attackers to cause a denial of service (control card reset) by sending malformed (1) TCP and (...
CVE-2002-1555
Cisco ONS CVE-2002-1555 affects Cisco ONS15454 and ONS15327 running ONS before 3.4, where a default, unchangeable SNMP public community string allows remote attackers to obtain sensitive information. The provided documents do not include a remediation or patch details; upgrade/mitigation specific...
CVE-2004-0308
Cisco ONS platform vulnerability CVE-2004-0308 affects ONS 15327 pre-4.1(3), ONS 15454 pre-4.6(1), ONS 15454 SD pre-4.1(3), and ONS15600 pre-1.3(0). A superuser account that is locked out, disabled, or suspended can gain unauthorized access via Telnet to the VxWorks shell. No remediation details ...
CVE-2004-1435
CVE-2004-1435 affects Cisco ONS platforms (ONS 15327, ONS 15454, and ONS 15454 SDH) across multiple firmware versions (e.g., 4.6(0)/4.6(1), 4.5.x, 4.1.x, 4.0.x and earlier). The issue enables remote attackers to trigger a denial-of-service (control card reset) by opening a large number of TCP con...
CVE-2002-1553
The CVE-2002-1553 entry affects Cisco ONS15454 and ONS15327 running ONS prior to 3.4. The vulnerability lets a remote attacker modify system configuration and delete files by connecting via FTP to the TCC, TCC+ or XTC using a non-existent username/password. Connected sources corroborate the issue...
CVE-2004-0306
CVE-2004-0306 affects several Cisco ONS platforms (ONS 15327 prior to 4.1(3); ONS 15454 prior to 4.6(1); ONS 15454 SD prior to 4.1(3); Cisco ONS 15600 prior to 1.3(0)) where TFTP is enabled on UDP port 69 by default. This allows remote attackers to GET or PUT ONS system files on the current activ...
CVE-2002-1558
Cisco ONS15454 and ONS15327 running ONS before 3.4 expose a non-modifiable VxWorks system account within the TCC, TCC+ and XTC, enabling remote privilege escalation by Telnet. Affected product families: Cisco ONS. Root cause: account cannot be changed or disabled, allowing non-authenticated or lo...
CVE-2004-1436
The CVE-2004-1436 issue affects Cisco ONS TL1 login interfaces on Cisco ONS 15327 (4.6(0)/4.6(1)) and 15454/15454 SDH (4.6(0)/4.6(1)). It allows remote authenticated access by logging in with a password longer than 10 characters when the account password is blank, enabling unauthorized access. Th...
CVE-2006-1670
CVE-2006-1670 affects Cisco Optical Networking System (ONS) 15000 series nodes prior to 20060405. The issue allows remote attackers to cause a denial of service via memory exhaustion (potential card reset) by sending an invalid response when the final ACK is expected, per bug ID CSCei45910. Conne...
CVE-2004-1434
CVE-2004-1434 affects Cisco ONS platforms: 15327, 15454, and 15454 SDH, across multiple software lines (4.1(0)–4.1(2), 4.5(x), 4.0(0)–4.0(2) and earlier). The issue allows remote attackers to cause a denial of service via malformed SNMP packets, triggering a control card reset. No exploitation de...
CVE-2002-1557
CVE-2002-1557 affects Cisco ONS platforms: ONS15454 and ONS15327 running ONS before 3.4. The vulnerability is triggered by a malformed HTTP request that does not start with a leading ‘/’, allowing an attacker to cause a denial of service by resetting to TCC, TCC+, TCCi or XTC. The provided docume...