Vulnerabilities > CVE-2006-1671 - Multiple vulnerability in Cisco Optical Networking System and Transport Controller
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
Control cards for Cisco Optical Networking System (ONS) 15000 series nodes before 20060405 allow remote attackers to cause a denial of service (card reset) via (1) a "crafted" IP packet to a device with secure mode EMS-to-network-element access, aka bug ID CSCsc51390; (2) a "crafted" IP packet to a device with IP on the LAN interface, aka bug ID CSCsd04168; and (3) a "malformed" OSPF packet, aka bug ID CSCsc54558. The vendor has released fixes to address these issues.
Vulnerable Configurations
References
- http://secunia.com/advisories/19553
- http://securitytracker.com/id?1015872
- http://www.cisco.com/warp/public/707/cisco-sa-20060405-ons.shtml
- http://www.osvdb.org/24435
- http://www.osvdb.org/24436
- http://www.osvdb.org/24437
- http://www.securityfocus.com/bid/17384
- http://www.vupen.com/english/advisories/2006/1256
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25644
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25645
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25646