A vulnerability exists in multiple control cards used by Cisco ONS devices. This vulnerability could allow a remote attacker to cause a denial-of-service condition.
Cisco's Optical Networking product line consists of a series of devices designed to offer high-bandwidth data services. These optical devices are managed through a series of control cards, which vary depending on the model of the device. There is a vulnerability in the way the XTC, TCC/TCC+/TCC2 and TCCi/TCC2 control cards handle malformed SNMP packets. By sending specially crafted SNMP packets to a vulnerable optical device, a remote attacker could cause the control cards to reset.
Cisco ONS 15454 Optical Transport Platform releases:
Cisco ONS 15454 SDH Multiplexer Platform releases:
Cisco ONS 15600 Multiservice Switching Platform
A remote, unauthenticated attacker could cause control cards to reset on an affected optical device. Repeated exploitation of this vulnerability could result in a denial of service.
This vulnerability was reported by the Cisco Systems Product Security Incident Response Team (PSIRT).
This document was written by Damon Morda based on information provided by Cisco.
|Date First Published:||2004-07-27|
|Date Last Updated:||2004-08-05 17:54 UTC|