Vulnerabilities > CVE-2004-1433 - Unspecified vulnerability in Cisco Optical Networking Systems Software

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
cisco
nessus
NVD
Published: 2004-12-31
Updated: 2024-11-20

Summary

Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, including 4.6(0) and 4.6(1), 4.5(x), 4.1(0) to 4.1(3), 4.0(0) to 4.0(2), and earlier versions, and ONS 15600 1.x(x), allows remote attackers to cause a denial of service (control card reset) via malformed (1) TCP and (2) UDP packets.

Vulnerable Configurations

Part Description Count
Application
Cisco
23

Nessus

NASL familyCISCO
NASL idCISCO_ONS_MULTIPLE_VULNERABILITIES.NASL
descriptionThe remote Cisco ONS platform contains various vulnerabilities that may allow a remote attacker to cause a denial of service in the remote control cards or to bypass authentication on the remote device.
last seen2020-06-01
modified2020-06-02
plugin id16201
published2005-01-18
reporterThis script is (C) 2005-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/16201
titleCisco ONS Multiple Remote Vulnerabilities (20040721-ons)
code
#
# (C) Tenable Network Security, Inc.
#

#These vulnerabilities are documented as the following Cisco bug IDs
#    * CSCed06531 (IP)
#    * CSCed86946 (ICMP)
#    * CSCec88426/CSCec88508/CSCed85088/CSCeb07263/CSCec21429 (TCP)
#    * CSCec59739/CSCed02439/CSCed22547 (Last-ACK)
#    * CSCec88402/CSCed31918/CSCed83309/CSCec85982/CSCec21435/CSCee03697 (UDP)
#    * CSCea16455/CSCea37089/CSCea37185 (SNMP)
#    * CSCee27329 (passwd)


include("compat.inc");

if(description)
{
 script_id(16201);
 script_cve_id(
   "CVE-2004-1432", 
   "CVE-2004-1433", 
   "CVE-2004-1434", 
   "CVE-2004-1435", 
   "CVE-2004-1436"
 );
 script_bugtraq_id(10768);
 script_version("1.21");

 script_name(english:"Cisco ONS Multiple Remote Vulnerabilities (20040721-ons)");

 script_set_attribute(attribute:"synopsis", value:
"The remote network device is affected by multiple vulnerabilities." );
 script_set_attribute(attribute:"description", value:
"The remote Cisco ONS platform contains various vulnerabilities that
may allow a remote attacker to cause a denial of service in the remote
control cards or to bypass authentication on the remote device." );
  # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20040721-ons
 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?08fb347d" );
 script_set_attribute(attribute:"solution", value:
"Apply the appropriate update as referenced in the vendor advisory
above." );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C");
 script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"false");
 script_set_attribute(attribute:"plugin_publication_date", value: "2005/01/18");
 script_set_attribute(attribute:"vuln_publication_date", value: "2004/07/21");
 script_set_attribute(attribute:"patch_publication_date", value: "2004/07/21");
 script_cvs_date("Date: 2018/11/15 20:50:20");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe",value:"cpe:/o:cisco:ons");
script_end_attributes();


 summary["english"] = "Uses SNMP to determine if a flaw is present";
 script_summary(english:summary["english"]);

 script_category(ACT_GATHER_INFO);

 script_copyright(english:"This script is (C) 2005-2018 Tenable Network Security, Inc.");

 script_family(english:"CISCO");

 script_dependencie("snmp_sysDesc.nasl");
 script_require_keys("SNMP/sysDesc");
 exit(0);
}

port = 0;

sysDesc = get_kb_item("SNMP/sysDesc"); 
if ( ! sysDesc ) exit(0);

if ("Cisco ONS" >!< sysDesc ) exit(0);

if ( egrep(pattern:"Cisco ONS 15327.*", string:sysDesc) ) 
{
 version = chomp(ereg_replace(pattern:".*Cisco ONS 15327.* ([0-9.]*)-.*", string:sysDesc, replace:"\1"));
 int_version = eregmatch(pattern:"^([0-9]+)\.([0-9])([0-9])$", string:version);
 if ( int(int_version[1]) <= 3 ) security_hole(port);
 else if ( int(int_version[1]) == 4 && int(int_version[2]) == 0 && int(int_version[3]) <= 2) security_hole(port);
 else if ( int(int_version[1]) == 4 && int(int_version[2]) == 1 && int(int_version[3]) <= 3) security_hole(port);
 else if ( int(int_version[1]) == 4 && int(int_version[2]) == 6 && int(int_version[3]) <= 1) security_hole(port);
}
else if ( egrep(pattern:"Cisco ONS 15454.*", string:sysDesc) ) 
{
 version = chomp(ereg_replace(pattern:".*Cisco ONS 15454.* ([0-9.]*)-.*", string:sysDesc, replace:"\1"));
 int_version = eregmatch(pattern:"^([0-9]+)\.([0-9])([0-9])$", string:version);
 if ( int(int_version[1]) <= 3 ) security_hole(port);
 else if ( int(int_version[1]) == 4 && int(int_version[2]) == 0 && int(int_version[3]) <= 2) security_hole(port);
 else if ( int(int_version[1]) == 4 && int(int_version[2]) == 1 && int(int_version[3]) <= 3) security_hole(port);
 else if ( int(int_version[1]) == 4 && int(int_version[2]) == 5 ) security_hole(port);
 else if ( int(int_version[1]) == 4 && int(int_version[2]) == 6 && int(int_version[3]) <= 1) security_hole(port);
}
else if ( egrep(pattern:"Cisco ONS 15600.*", string:sysDesc) ) 
{
 version = chomp(ereg_replace(pattern:".*Cisco ONS 15600.* ([0-9.]*)-.*", string:sysDesc, replace:"\1"));
 int_version = eregmatch(pattern:"^([0-9]+)\.([0-9])([0-9])$", string:version);
 if ( int(int_version[1]) <= 1 ) security_hole(port);
}

References