Cisco Catalyst PON Series Switches Optical Network Terminal Vulnerabilities

Vulnerability

The web-based management interface of Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) contains multiple vulnerabilities. An unauthenticated, remote attacker can log in with a default credential if the Telnet protocol is enabled, perform command injection, or modify the configuration. These issues affect Cisco Catalyst PON Series ONT devices running firmware versions prior to the fixed release [1].

Exploitation

An attacker needs only network access to the vulnerable ONT's web or Telnet interface. No authentication is required; the attacker can exploit the default credential (if Telnet is enabled) to gain initial access, then leverage command injection or configuration modification to execute arbitrary commands or alter device settings. The exact steps are not detailed in the advisory, but the flaws are remotely exploitable without user interaction [1].

Impact

Successful exploitation results in full compromise of the ONT device. An attacker could gain unauthorized access, execute arbitrary commands with root privileges, modify device configuration, and potentially pivot to other network devices. The CIA impact is high, with complete loss of confidentiality, integrity, and availability of the affected ONT [1].

Mitigation

Cisco has released free software updates to address these vulnerabilities. Customers should upgrade to the latest fixed firmware version as specified in the Cisco Security Advisory [1]. No workarounds are mentioned; enabling Telnet may be disabled as a precaution. The advisory does not list the CVEs on CISA's Known Exploited Vulnerabilities (KEV) catalog [1].