Vulnerabilities > CVE-2006-1672 - Multiple vulnerability in Cisco Optical Networking System and Transport Controller

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

cisco

NVD

Published: 2006-04-07

Updated: 2018-10-30

Summary

The installation of Cisco Transport Controller (CTC) for Cisco Optical Networking System (ONS) 15000 series nodes adds a Java policy file entry with a wildcard that grants the java.security.AllPermission permission to any http URL containing "fs/LAUNCHER.jar", which allows remote attackers to execute arbitrary code on a CTC workstation, aka bug ID CSCea25049.

Vulnerable Configurations

Part	Description	Count
Application	Cisco Cisco Transport Controller 4.0.X Cisco Optical Networking Systems Software 1.0 Cisco Optical Networking Systems Software 1.1 Cisco Optical Networking Systems Software 1.1\(0\) Cisco Optical Networking Systems Software 1.1\(1\) Cisco Optical Networking Systems Software 1.3\(0\) Cisco Optical Networking Systems Software 3.0 Cisco Optical Networking Systems Software 3.1.0 Cisco Optical Networking Systems Software 3.2 Cisco Optical Networking Systems Software 3.3.0 Cisco Optical Networking Systems Software 3.4.0 Cisco Optical Networking Systems Software 4.0\(1\) Cisco Optical Networking Systems Software 4.0\(2\) Cisco Optical Networking Systems Software 4.0.0 Cisco Optical Networking Systems Software 4.1\(0\) Cisco Optical Networking Systems Software 4.1\(1\) Cisco Optical Networking Systems Software 4.1\(2\) Cisco Optical Networking Systems Software 4.1\(3\) Cisco Optical Networking Systems Software 4.1.4 Cisco Optical Networking Systems Software 4.6\(0\) Cisco Optical Networking Systems Software 4.6\(1\)	21
Hardware	Cisco Cisco ONS 15310 CL Series 0 Cisco ONS 15600 0	2
OS	Cisco Cisco ONS 15454 Mspp *	1

Summary

Vulnerable Configurations

References