VYPR
Unrated severity · NVD Advisory · Published Nov 4, 2021 · Updated Nov 7, 2024

Cisco Catalyst PON Series Switches Optical Network Terminal Vulnerabilities

CVE-2021-40112

Description

Multiple vulnerabilities in the Cisco Catalyst PON Series ONT web management interface allow unauthenticated remote attackers to log in via default credentials, perform command injection, or modify configuration.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

The Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) contains multiple vulnerabilities in its web-based management interface [1]. An unauthenticated, remote attacker could exploit these issues to log in using a default credential if the Telnet protocol is enabled, perform command injection, or modify the device configuration. Affected versions are those running firmware prior to the fixed releases specified in the Cisco advisory [1].

Exploitation

An attacker only needs network access to the affected device's management interface [1]. No authentication is required. By leveraging the default credential (specific details not publicly disclosed), the attacker can gain Telnet access if Telnet is enabled [1]. Alternatively, the attacker can send crafted HTTP requests to the web management interface to perform command injection or configuration modification [1].

Impact

Successful exploitation could allow the attacker to gain unauthorized access to the device with a default credential, execute arbitrary commands on the underlying operating system, or alter the device configuration [1]. This could lead to full compromise of the ONT, enabling interception or disruption of traffic on the passive optical network [1].

Mitigation

Cisco has released free software updates addressing these vulnerabilities [1]. Customers should upgrade to the appropriate fixed version as indicated in the advisory [1]. As a workaround, disabling Telnet and restricting access to the management interface can reduce exposure [1]. No KEV listing is mentioned.

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 2

Patches: 0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References: 1

News mentions: 0

No linked articles in our index yet.