ONS15327
CVEs (13)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2004-1436 | 0.00 | — | 0.01 | Dec 31, 2004 | The Transaction Language 1 (TL1) login interface in Cisco ONS 15327 4.6(0) and 4.6(1) and 15454 and 15454 SDH 4.6(0) and 4.6(1), when a user account is configured with a blank password, allows remote attackers to gain unauthorized access by logging in with a password larger than… | |||
| CVE-2004-1434 | 0.00 | — | 0.02 | Dec 31, 2004 | Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, including 4.1(0) to 4.1(2), 4.5(x), 4.0(0) to 4.0(2), and earlier versions, allows remote attackers to cause a denial of service (control card reset) via malformed SNMP packets. | |||
| CVE-2004-1432 | 0.00 | — | 0.03 | Dec 31, 2004 | Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, including 4.6(0) and 4.6(1), 4.5(x), 4.1(0) to 4.1(3), 4.0(0) to 4.0(2), and earlier versions, allows remote attackers to cause a denial of service (control card reset) via malformed (1) IP or (2) ICMP packets. | |||
| CVE-2004-1433 | 0.00 | — | 0.03 | Dec 31, 2004 | Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, including 4.6(0) and 4.6(1), 4.5(x), 4.1(0) to 4.1(3), 4.0(0) to 4.0(2), and earlier versions, and ONS 15600 1.x(x), allows remote attackers to cause a denial of service (control card reset) via malformed (1)… | |||
| CVE-2004-1435 | 0.00 | — | 0.01 | Dec 31, 2004 | Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, including 4.6(0) and 4.6(1), 4.5(x), 4.1(0) to 4.1(3), 4.0(0) to 4.0(2), and earlier versions, allows remote attackers to cause a denial of service (control card reset) via a large number of TCP connections with… | |||
| CVE-2004-0308 | 0.00 | — | 0.00 | Nov 24, 2004 | Unknown vulnerability in Cisco ONS 15327 before 4.1(3), ONS 15454 before 4.6(1), ONS 15454 SD before 4.1(3), and Cisco ONS15600 before 1.3(0) allows a superuser whose account is locked out, disabled, or suspended to gain unauthorized access via a Telnet connection to the VxWorks… | |||
| CVE-2004-0307 | 0.00 | — | 0.01 | Nov 23, 2004 | Cisco ONS 15327 before 4.1(3), ONS 15454 before 4.6(1), and ONS 15454 SD before 4.1(3) allows remote attackers to cause a denial of service (reset) by not sending the ACK portion of the TCP three-way handshake and sending an invalid response instead. | |||
| CVE-2004-0306 | 0.00 | — | 0.01 | Nov 23, 2004 | Cisco ONS 15327 before 4.1(3), ONS 15454 before 4.6(1), ONS 15454 SD before 4.1(3), and Cisco ONS 15600 before 1.3(0) enable TFTP service on UDP port 69 by default, which allows remote attackers to GET or PUT ONS system files on the current active TCC in the /flash0 or /flash1… | |||
| CVE-2002-1555 | 0.00 | — | 0.01 | Mar 31, 2003 | Cisco ONS15454 and ONS15327 running ONS before 3.4 uses a "public" SNMP community string that cannot be changed, which allows remote attackers to obtain sensitive information. | |||
| CVE-2002-1558 | 0.00 | — | 0.01 | Mar 31, 2003 | Cisco ONS15454 and ONS15327 running ONS before 3.4 have an account for the VxWorks Operating System in the TCC, TCC+ and XTC that cannot be changed or disabled, which allows remote attackers to gain privileges by connecting to the account via Telnet. | |||
| CVE-2002-1553 | 0.00 | — | 0.02 | Mar 31, 2003 | Cisco ONS15454 and ONS15327 running ONS before 3.4 allows remote attackers to modify the system configuration and delete files by establishing an FTP connection to the TCC, TCC+ or XTC using a username and password that does not exist. | |||
| CVE-2002-1557 | 0.00 | — | 0.00 | Mar 31, 2003 | Cisco ONS15454 and ONS15327 running ONS before 3.4 allows attackers to cause a denial of service (reset to TCC, TCC+, TCCi or XTC) via a malformed HTTP request that does not contain a leading / (slash) character. | |||
| CVE-2002-1554 | 0.00 | — | 0.00 | Mar 31, 2003 | Cisco ONS15454 and ONS15327 running ONS before 3.4 stores usernames and passwords in cleartext in the image database for the TCC, TCC+ or XTC, which could allow attackers to gain privileges by obtaining the passwords from the image database or a backup. |
- CVE-2004-1436Dec 31, 2004risk 0.00cvss —epss 0.01
The Transaction Language 1 (TL1) login interface in Cisco ONS 15327 4.6(0) and 4.6(1) and 15454 and 15454 SDH 4.6(0) and 4.6(1), when a user account is configured with a blank password, allows remote attackers to gain unauthorized access by logging in with a password larger than…
- CVE-2004-1434Dec 31, 2004risk 0.00cvss —epss 0.02
Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, including 4.1(0) to 4.1(2), 4.5(x), 4.0(0) to 4.0(2), and earlier versions, allows remote attackers to cause a denial of service (control card reset) via malformed SNMP packets.
- CVE-2004-1432Dec 31, 2004risk 0.00cvss —epss 0.03
Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, including 4.6(0) and 4.6(1), 4.5(x), 4.1(0) to 4.1(3), 4.0(0) to 4.0(2), and earlier versions, allows remote attackers to cause a denial of service (control card reset) via malformed (1) IP or (2) ICMP packets.
- CVE-2004-1433Dec 31, 2004risk 0.00cvss —epss 0.03
Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, including 4.6(0) and 4.6(1), 4.5(x), 4.1(0) to 4.1(3), 4.0(0) to 4.0(2), and earlier versions, and ONS 15600 1.x(x), allows remote attackers to cause a denial of service (control card reset) via malformed (1)…
- CVE-2004-1435Dec 31, 2004risk 0.00cvss —epss 0.01
Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, including 4.6(0) and 4.6(1), 4.5(x), 4.1(0) to 4.1(3), 4.0(0) to 4.0(2), and earlier versions, allows remote attackers to cause a denial of service (control card reset) via a large number of TCP connections with…
- CVE-2004-0308Nov 24, 2004risk 0.00cvss —epss 0.00
Unknown vulnerability in Cisco ONS 15327 before 4.1(3), ONS 15454 before 4.6(1), ONS 15454 SD before 4.1(3), and Cisco ONS15600 before 1.3(0) allows a superuser whose account is locked out, disabled, or suspended to gain unauthorized access via a Telnet connection to the VxWorks…
- CVE-2004-0307Nov 23, 2004risk 0.00cvss —epss 0.01
Cisco ONS 15327 before 4.1(3), ONS 15454 before 4.6(1), and ONS 15454 SD before 4.1(3) allows remote attackers to cause a denial of service (reset) by not sending the ACK portion of the TCP three-way handshake and sending an invalid response instead.
- CVE-2004-0306Nov 23, 2004risk 0.00cvss —epss 0.01
Cisco ONS 15327 before 4.1(3), ONS 15454 before 4.6(1), ONS 15454 SD before 4.1(3), and Cisco ONS 15600 before 1.3(0) enable TFTP service on UDP port 69 by default, which allows remote attackers to GET or PUT ONS system files on the current active TCC in the /flash0 or /flash1…
- CVE-2002-1555Mar 31, 2003risk 0.00cvss —epss 0.01
Cisco ONS15454 and ONS15327 running ONS before 3.4 uses a "public" SNMP community string that cannot be changed, which allows remote attackers to obtain sensitive information.
- CVE-2002-1558Mar 31, 2003risk 0.00cvss —epss 0.01
Cisco ONS15454 and ONS15327 running ONS before 3.4 have an account for the VxWorks Operating System in the TCC, TCC+ and XTC that cannot be changed or disabled, which allows remote attackers to gain privileges by connecting to the account via Telnet.
- CVE-2002-1553Mar 31, 2003risk 0.00cvss —epss 0.02
Cisco ONS15454 and ONS15327 running ONS before 3.4 allows remote attackers to modify the system configuration and delete files by establishing an FTP connection to the TCC, TCC+ or XTC using a username and password that does not exist.
- CVE-2002-1557Mar 31, 2003risk 0.00cvss —epss 0.00
Cisco ONS15454 and ONS15327 running ONS before 3.4 allows attackers to cause a denial of service (reset to TCC, TCC+, TCCi or XTC) via a malformed HTTP request that does not contain a leading / (slash) character.
- CVE-2002-1554Mar 31, 2003risk 0.00cvss —epss 0.00
Cisco ONS15454 and ONS15327 running ONS before 3.4 stores usernames and passwords in cleartext in the image database for the TCC, TCC+ or XTC, which could allow attackers to gain privileges by obtaining the passwords from the image database or a backup.