Vulnerability Note VU#277048
Multiple Cisco ONS control cards fail to properly handle invalid TCP responses
A vulnerability exists in multiple control cards used by Cisco ONS devices. This vulnerability could allow a remote attacker to cause a denial-of-service condition.
Cisco's Optical Networking product line consists of a series of devices designed to offer high-bandwidth data services. These optical devices are managed through a series of control cards, which vary depending on the model of the device. There is a vulnerability in the way the XTC, TCC/TCC+/TCC2 and TCCi/TCC2 control cards handle invalid TCP responses. By sending an invalid TCP response to a vulnerable optical device, a remote attacker can cause the connection to enter an invalid TCP state. This could result in the control cards reseting.
Cisco ONS 15454 Optical Transport Platform releases:
Cisco ONS 15454 SDH Multiplexer Platform releases:
Cisco ONS 15600 Multiservice Switching Platform
A remote, unauthenticated attacker could cause control cards to reset on an affected optical device. Repeated exploitation of this vulnerability could result in a denial of service.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Cisco Systems Inc.||Affected||-||27 Jul 2004|
CVSS Metrics (Learn More)
This vulnerability was reported by the Cisco Systems Product Security Incident Response Team ( PSIRT ) .
This document was written by Damon Morda based on information provided by Cisco.
- CVE IDs: Unknown
- Date Public: 21 Jul 2004
- Date First Published: 27 Jul 2004
- Date Last Updated: 05 Aug 2004
- Severity Metric: 8.03
- Document Revision: 15
If you have feedback, comments, or additional information about this vulnerability, please send us email.