CERTA-2005-AVI-264

Vulnerability from certfr_avis - Published: 2005-07-15 - Updated: 2005-07-15


Description

The turnkey product CISCO ONS 15216 OADM (Optical Add/Drop Multiplexer) performs optical fibre multiplexing. It can be administered via the Telnet service.

A flaw in the handling of Telnet sessions could allow a malicious user, after opening a session (which requires prior authentication), to cause a denial of service via certain carefully crafted requests.

The denial of service affects only the remote administration service, and traffic is in no way disrupted by such an attack. However, the machine must be restarted to re-enable the administration service, which causes an interruption of traffic.

Solution

Use CISCO ONS 15216 OADM version 2.2.3

Impacted products

CISCO ONS 15216 OADM version 2.2.2 and earlier versions.

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eCISCO ONS 15216 OADM version 2.2.2 et  versions ant\u00e9rieures.\u003c/p\u003e",
  "content": "## Description\n\nLe produit clef-en-main CISCO ONS 15216 OADM (Optical Add/Drop\nMultiplexer) permet le multiplexage de fibre optique. Il peut \u00eatre\nadministr\u00e9 via le service Telnet.  \n\nUne faille dans la gestion des sessions Telnet permettrait \u00e0 un\nutilisateur mal intentionn\u00e9, apr\u00e8s avoir ouvert une session (ce qui\nn\u00e9cessite une authentification pr\u00e9alable), de causer un d\u00e9ni de service\nvia certaines requ\u00eates habilement construites.  \n\nLe d\u00e9ni de service n\u0027impacte que le service d\u0027administration \u00e0 distance,\net le trafic n\u0027est en rien perturb\u00e9 par une telle attaque. En revanche,\nun red\u00e9marrage de la machine est necessaire pour r\u00e9activer le service\nd\u0027administration, ce qui provoque une interruption du trafic.\n\n## Solution\n\nUtiliser CISCO ONS 15216 OADM version 2.2.3\n",
  "cves": [],
  "initial_release_date": "2005-07-15T00:00:00",
  "last_revision_date": "2005-07-15T00:00:00",
  "links": [],
  "reference": "CERTA-2005-AVI-264",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2005-07-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service sur la fonctionnalit\u00e9 de gestion \u00e0 distance"
    }
  ],
  "summary": null,
  "title": "Vuln\u00e9rabilit\u00e9 dans CISCO ONS 15216 OADM",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 CISCO 65541 du 13 juillet 2005",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20050713-ons.shtml"
    }
  ]
}

