J-Security Center

Title: Cisco ONS Platform Vulnerabilities

Severity: HIGH

Description:

Cisco has reported multiple vulnerabilities affecting various ONS platforms, allowing for unauthorized access and denial of service attacks. These optical platforms are all managed via XTC, TCC+/TCC2, TCCi/TCC2, and TSC control cards.

The following specific issues were reported:

TFTP services (via port 69/UDP) on some ONS platforms allow unauthenticated access to TFTP GET/PUT commands. This could be used to upload or retrieve ONS system files on the TCC in the /flash0 or /flash1 directories. Cisco has reported that this does not affect user files. This could disclose sensitive information but would also likely result in a denial of service. This issue affects Cisco ONS 15327, ONS 15454, ONS 15454 SDH and Cisco ONS 15600 platforms.

A denial of service attack was reported which may occur via the network management application port (1080/TCP) on affected platforms. This issue is exposed when the final ACK packet in the TCP three-way handshake is not sent, causing affected platforms to enter an invalid TCP state. An attacker with network access to affected devices could trigger this issue by sending an invalid response instead of an ACK. The denial of service condition would persist until the control card is rebooted, effectively denying network manageability functions. This issue is reported to affect Cisco ONS 15327, ONS 15454 and ONS 15454 SDH hardware. The Cisco ONS 15600 Multiservice Switching Platform is not vulnerable.

The underlying VxWorks operating system provides telnet access to some platforms for superusers. It has been reported that if a superuser account has been locked out, disabled, or suspended, the user may still authenticate and access the VxWorks shell. This affects Cisco ONS 15327, ONS 15454, ONS 15454 SDH and Cisco ONS 15600 platforms.

It should be noted that the various ONS platforms are intended to be deployed on networks that are physically separated from the Internet, so exposure to these issues by remote attackers is limited.

This cumulative BID will be divided into three distinct BIDs when further analysis is complete.
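
The following is an added example, not part of the original advisory or Cisco's material: a defender-side audit of packet summaries that flags TFTP or telnet traffic reaching a control card from outside an approved management list, and 1080/TCP handshakes where the node's SYN-ACK is never answered with a valid ACK. The addresses, the record format, the 30-second timeout and the use of 23/TCP for telnet are assumptions; the sample records are constructed.

```python
from collections import namedtuple

Pkt = namedtuple("Pkt", "ts src dst proto sport dport flags")  # flags: "S", "SA", "A", "R"
ONS_NODES = {"10.0.0.10"}   # assumption: control-card address
MGMT_HOSTS = {"10.0.0.5"}   # assumption: approved management station
# 69/UDP is from the advisory; 23/TCP is the standard telnet port (assumption).
GUARDED = {("udp", 69), ("tcp", 23)}
MGMT_PORT = 1080            # network management port named in the advisory


def audit(packets, timeout=30.0):
    """Return sorted (kind, source, node) findings for the packet records."""
    findings, pending, last_ts = set(), {}, 0.0   # pending: flow -> [state, ts]
    for p in sorted(packets, key=lambda p: p.ts):
        last_ts = p.ts
        # TFTP or telnet reaching a node from outside the allowlist.
        if p.dst in ONS_NODES and (p.proto, p.dport) in GUARDED \
                and p.src not in MGMT_HOSTS:
            findings.add((f"unapproved-{p.proto}/{p.dport}", p.src, p.dst))
        if p.proto != "tcp":
            continue
        if p.dst in ONS_NODES and p.dport == MGMT_PORT:      # client -> node
            key = (p.src, p.sport, p.dst)
            if p.flags == "S":
                pending[key] = ["syn", p.ts]
            elif pending.get(key, [""])[0] == "synack":
                # The third segment must carry ACK and neither SYN nor RST.
                if "A" not in p.flags or set(p.flags) & set("RS"):
                    findings.add(("1080-handshake-bad-reply", p.src, p.dst))
                del pending[key]
        elif p.src in ONS_NODES and p.sport == MGMT_PORT and p.flags == "SA":
            key = (p.dst, p.dport, p.src)
            if key in pending:
                pending[key] = ["synack", p.ts]
    # SYN-ACK sent by the node, but no final ACK within the timeout.
    for (client, _, node), (state, ts) in pending.items():
        if state == "synack" and last_ts - ts >= timeout:
            findings.add(("1080-handshake-no-ack", client, node))
    return sorted(findings)

SAMPLE = [  # constructed records, not captured traffic
    Pkt(0.0, "10.0.0.5", "10.0.0.10", "tcp", 40000, 1080, "S"),
    Pkt(0.1, "10.0.0.10", "10.0.0.5", "tcp", 1080, 40000, "SA"),
    Pkt(0.2, "10.0.0.5", "10.0.0.10", "tcp", 40000, 1080, "A"),
    Pkt(1.0, "10.0.9.9", "10.0.0.10", "tcp", 41000, 1080, "S"),
    Pkt(1.1, "10.0.0.10", "10.0.9.9", "tcp", 1080, 41000, "SA"),
    Pkt(2.0, "10.0.9.9", "10.0.0.10", "udp", 5000, 69, ""),
    Pkt(60.0, "10.0.0.5", "10.0.0.10", "udp", 5001, 69, ""),
]
```

Calling audit(SAMPLE) reports the unanswered 1080/TCP handshake and the TFTP packet from 10.0.9.9, and nothing for the approved station.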

Affected Products:

  • Cisco ONS 15327 4.0.0
  • Cisco ONS 15327 4.0.0 (1)
  • Cisco ONS 15327 4.0.0 (2)
  • Cisco ONS 15327 4.1.0 (0)
  • Cisco ONS 15327 4.1.0 (1)
  • Cisco ONS 15327 4.1.0 (2)
  • Cisco ONS 15454 Optical Transport Platform 4.0.0
  • Cisco ONS 15454 Optical Transport Platform 4.0.0 (1)
  • Cisco ONS 15454 Optical Transport Platform 4.1.0
  • Cisco ONS 15454 Optical Transport Platform 4.1.0 (0)
  • Cisco ONS 15454 Optical Transport Platform 4.1.0 (1)
  • Cisco ONS 15454 Optical Transport Platform 4.1.0 (2)
  • Cisco ONS 15454 Optical Transport Platform 4.1.0 (3)
  • Cisco ONS 15454SDH 4.0.0
  • Cisco ONS 15454SDH 4.1.0 (0)
  • Cisco ONS 15454SDH 4.1.0 (1)
  • Cisco ONS 15454SDH 4.1.0 (2)
  • Cisco ONS 15454SDH 4.5.0
  • Cisco ONS 15600 1.0.0
