CVE-2004-0306
CVSS 5.0
Published: 2004-11-23 00:00:00
Last revised: 2008-09-05 16:38:04

[Original] Cisco ONS 15327 before 4.1(3), ONS 15454 before 4.6(1), ONS 15454 SD before 4.1(3), and Cisco ONS 15600 before 1.3(0) enable TFTP service on UDP port 69 by default, which allows remote attackers to GET or PUT ONS system files on the current active TCC in the /flash0 or /flash1 directories.


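[CNNVD] Multiple security vulnerabilities in the Cisco ONS platform (CNNVD-200411-121)

        Cisco ONS is an optical networking platform developed by Cisco.
        Cisco ONS contains multiple vulnerabilities that can lead to unauthorized access to the device, denial of service, or continued authentication by locked-out accounts.
        The Cisco ONS 15327, ONS 15454, ONS 15454 SDH and ONS 15600 are managed through the XTC, TCC+/TCC2, TCCi/TCC2 and TSC control cards, which are normally isolated from the Internet and connected only to the local network environment. The following vulnerabilities exist:
        - CSCec17308/CSCec19124 (tftp)
        The TFTP service listens on UDP port 69 by default and accepts GET and PUT commands without any authentication, so a client can connect to the optical device and upload or download arbitrary user data.
        - CSCec17406 (port 1080)
        The Cisco ONS 15327, ONS 15454 and ONS 15454 SDH hardware is vulnerable to an ACK denial-of-service attack on TCP port 1080, which the network management system uses to communicate with the control cards. The attack can cause the control cards on the optical device to reset.
        - CSCec66884/CSCec71157 (SU access)
        By default only superusers are allowed telnet access to the VxWorks operating system. Because of this vulnerability, a superuser account that has been disabled, locked out or suspended can still log in to the VxWorks shell using its configured password.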
        

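- CVSS (base score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: NONE [no impact on the confidentiality of the system]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: NONE [no impact on the availability of the system]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]

- CPE (affected platforms and products)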

cpe:/o:cisco:ons_15454_optical_transport_platform:4.1%282%29
cpe:/o:cisco:ons_15454sdh:4.5
cpe:/o:cisco:ons_15454sdh:4.1%280%29
cpe:/o:cisco:ons_15327:4.0
cpe:/o:cisco:ons_15454sdh:4.1%282%29
cpe:/o:cisco:ons_15454sdh:4.0
cpe:/o:cisco:ons_15327:4.0%282%29
cpe:/o:cisco:ons_15454_optical_transport_platform:4.0
cpe:/o:cisco:ons_15454_optical_transport_platform:4.1%283%29
cpe:/o:cisco:ons_15327:4.1%281%29
cpe:/o:cisco:ons_15327:4.1%282%29
cpe:/o:cisco:ons_15327:4.0%281%29
cpe:/o:cisco:ons_15327:4.1%280%29
cpe:/o:cisco:ons_15454_optical_transport_platform:4.0%281%29
cpe:/o:cisco:ons_15454_optical_transport_platform:4.1%280%29
cpe:/o:cisco:ons_15600:1.0
cpe:/o:cisco:ons_15454_optical_transport_platform:4.1
cpe:/o:cisco:ons_15454_optical_transport_platform:4.1%281%29
cpe:/o:cisco:ons_15454sdh:4.1%281%29

- OVAL (technical details used for detection)

No related OVAL definition found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0306
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0306
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200411-121
(official data source) CNNVD

- Other links and resources

http://www.securityfocus.com/bid/9699
(VENDOR_ADVISORY)  BID  9699
http://www.cisco.com/warp/public/707/cisco-sa-20040219-ONS.shtml
(VENDOR_ADVISORY)  CISCO  20040219 Cisco ONS 15327, ONS 15454, ONS 15454 SDH, and ONS 15600 Vulnerabilities
http://xforce.iss.net/xforce/xfdb/15264
(VENDOR_ADVISORY)  XF  cisco-ons-file-upload(15264)

- Vulnerability information

Multiple security vulnerabilities in the Cisco ONS platform
Medium severity  Unknown
2004-11-23 00:00:00 2005-05-13 00:00:00
Remote
        
        

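- Advisories and patches

        Vendor patch:
        Cisco
        -----
        Cisco has released a security advisory (cisco-sa-20040219-ONS) and corresponding patches for this issue:
        cisco-sa-20040219-ONS: Cisco ONS 15327, ONS 15454, ONS 15454 SDH, and ONS 15600 Vulnerabilities
        Link:
        http://www.cisco.com/warp/public/707/cisco-sa-20040219-ONS.shtml

        The following fixed releases address the TFTP issue:
        15327 - 4.1(3) and later
        15454, 15454 SDH - 4.6(1) and later, 4.1(3) and later
        5600 - 1.3(0) and later, 1.1(0) and later
        The following fixed releases address the ACK denial-of-service attack:
        15327 - 4.1(1) and later, 4.0(2) and later
        15454, 15454 SDH - 4.6(1) and later, 4.1(1) and later, 4.0(2) and later
        The following fixed releases address the superuser access issue:
        15327 - 4.1(3) and later
        15454, 15454 SDH - 4.6(1) and later, 4.1(3) and later
        15600 - 1.1(1), 5.0 and later (pending release)
        For details on upgrading the Cisco ONS 15454 to fixed software, see:

        http://www.cisco.com/univercd/cc/td/doc/product/ong/15400/r46docs/index.htm

        For details on upgrading the Cisco ONS 15327 to fixed software, see:

        http://www.cisco.com/univercd/cc/td/doc/product/ong/15327/327doc41/index.htm

        For details on upgrading the Cisco ONS 15600 to fixed software, see:

        http://www.cisco.com/univercd/cc/td/doc/product/ong/15327/327doc41/index.htm

        Customers with contracts can obtain upgraded software through their regular update channels. For most customers, upgrades are available from the Software Center on the Cisco website:

        http://www.cisco.com/kobayashi/sw-center/sw-optical.shtml

        Customers whose Cisco products are provided or supported through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers or service providers, can obtain upgrade support free of charge.
        Customers who purchased directly from Cisco but do not hold a Cisco service contract, and customers who purchased through third-party vendors but cannot obtain fixed software from their point of sale, can obtain upgrades from the Cisco Technical Assistance Center (TAC). TAC contacts:
         * +1 800 553 2447 (toll free within North America)
         * +1 408 526 7209 (toll call from anywhere in the world)
         * e-mail: tac@cisco.com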

- Vulnerability information

4008
Cisco ONS 15000 Unauthorized TFTP PUT and GET
Remote / Network Access Authentication Management
Loss of Confidentiality, Loss of Integrity, Loss of Availability
Exploit Unknown

- Vulnerability description

Cisco ONS 15000 contains a flaw that may allow attackers to gain knowledge of system information, cause a DoS (Denial of Service), or gain unauthorised access. The issue is triggered when the TFTP service accepts default "GET" and "PUT" commands without any prior user authentication. It is possible that the flaw may allow a malicious user to gain knowledge of information in ONS system files or crash the device by uploading corrupted ONS system files resulting in a loss of confidentiality, integrity, and/or availability.

- Timeline

2004-02-20 Unknown
Unknown Unknown

- Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Cisco has released a patch to address this vulnerability.

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

Cisco ONS Platform Vulnerabilities
Unknown 9699
Yes No
2004-02-19 12:00:00 2009-07-12 03:06:00
This issue was reported in a Cisco security advisory.

- Affected versions

Cisco ONS 15600 1.0
Cisco ONS 15454SDH 4.5
Cisco ONS 15454SDH 4.1 (2)
Cisco ONS 15454SDH 4.1 (1)
Cisco ONS 15454SDH 4.1 (0)
Cisco ONS 15454SDH 4.0
Cisco ONS 15454 Optical Transport Platform 4.1 (3)
Cisco ONS 15454 Optical Transport Platform 4.1 (2)
Cisco ONS 15454 Optical Transport Platform 4.1 (1)
Cisco ONS 15454 Optical Transport Platform 4.1 (0)
Cisco ONS 15454 Optical Transport Platform 4.1
Cisco ONS 15454 Optical Transport Platform 4.0 (1)
Cisco ONS 15454 Optical Transport Platform 4.0
Cisco ONS 15327 4.1 (2)
Cisco ONS 15327 4.1 (1)
Cisco ONS 15327 4.1 (0)
Cisco ONS 15327 4.0 (2)
Cisco ONS 15327 4.0 (1)
Cisco ONS 15327 4.0
Cisco ONS 15600 1.3 (0)
Cisco ONS 15600 1.1 (1)
Cisco ONS 15600 1.1 (0)
Cisco ONS 15454SDH 4.6 (1)
Cisco ONS 15454 Optical Transport Platform 4.1 (3)
Cisco ONS 15454 Optical Transport Platform 4.1 (1)
Cisco ONS 15454 Optical Transport Platform 4.0 (2)
Cisco ONS 15327 4.1 (3)
Cisco ONS 15327 4.1 (1)
Cisco ONS 15327 4.0 (2)

- Unaffected versions

Cisco ONS 15600 1.3 (0)
Cisco ONS 15600 1.1 (1)
Cisco ONS 15600 1.1 (0)
Cisco ONS 15454SDH 4.6 (1)
Cisco ONS 15454 Optical Transport Platform 4.1 (3)
Cisco ONS 15454 Optical Transport Platform 4.1 (1)
Cisco ONS 15454 Optical Transport Platform 4.0 (2)
Cisco ONS 15327 4.1 (3)
Cisco ONS 15327 4.1 (1)
Cisco ONS 15327 4.0 (2)

- Discussion

Cisco has reported multiple vulnerabilities in the following platforms:
Cisco ONS 15327 Edge Optical Transport Platform
Cisco ONS 15454 Optical Transport Platform
Cisco ONS 15454 SDH Multiplexer Platform
Cisco ONS 15600 Multiservice Switching Platform

These issues could permit unauthorized access to devices, including unauthenticated access to GET/PUT TFTP commands on affected platforms, denial of service attacks via incomplete TCP transactions and an issue that may allow locked out superuser accounts to still authenticate.

It should be noted that the various ONS platforms are intended to be deployed on networks that are physically separated from the Internet, so exposure to these issues by remote attackers is limited.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

Cisco has released various fixes to address these issues.

The TFTP issue is fixed in the following releases:

15327 - 4.1(3) and later
15454, 15454 SDH - 4.6(1) and later, 4.1(3) and later
5600 - 1.3(0) and later, 1.1(0) and later

The ACK denial of service is fixed in the following releases:

15327 - 4.1(1) and later, 4.0(2) and later
15454, 15454 SDH - 4.6(1) and later, 4.1(1) and later, 4.0(2) and later

The locked-out superuser access issue is fixed in the following releases:

15327 - 4.1(3) and later
15454, 15454 SDH - 4.6(1) and later, 4.1(3) and later
15600 - 1.1(1), 5.0 and later (pending release)

Further details on obtaining fixes may be found in the attached advisory.

- Related references

 

 
