Vulnerability Note VU#486224
Multiple Cisco ONS control cards fail to properly handle malformed UDP packets
A vulnerability exists in multiple control cards used by Cisco ONS devices. This vulnerability could allow a remote attacker to cause a denial-of-service condition.
Cisco's Optical Networking product line consists of a series of devices designed to offer high-bandwidth data services. These optical devices are managed through a series of control cards, which vary depending on the model of the device. There is a vulnerability in the way the XTC, TCC/TCC+/TCC2, TCCi/TCC2, and TSC control cards handle malformed UDP packets. By sending specially crafted UDP packets to a vulnerable optical device, a remote attacker could cause the control cards to reset.
Cisco ONS 15454 Optical Transport Platform releases:
Cisco ONS 15454 SDH Multiplexer Platform releases:
Cisco ONS 15600 Multiservice Switching Platform
A remote, unauthenticated attacker could cause control cards to reset on an affected optical device. Repeated exploitation of this vulnerability could result in a denial of service. For more information on the impact of this vulnerability, please refer to the "Impact" section of the Cisco Advisory.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Cisco Systems Inc.||Affected||-||27 Jul 2004|
CVSS Metrics (Learn More)
This vulnerability was reported by the Cisco Systems Product Security Incident Response Team ( PSIRT ) .
This document was written by Damon Morda based on information provided by Cisco.
- CVE IDs: Unknown
- Date Public: 21 Jul 2004
- Date First Published: 27 Jul 2004
- Date Last Updated: 05 Aug 2004
- Severity Metric: 8.03
- Document Revision: 15
If you have feedback, comments, or additional information about this vulnerability, please send us email.