PT-2004-2351 · Cisco · Cisco Ons 15454+2
Published
2004-12-31
·
Updated
2018-10-30
·
CVE-2004-1436
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions:
Cisco ONS 15327 versions 4.6(0) through 4.6(1)
Cisco ONS 15454 versions 4.6(0) through 4.6(1)
Cisco ONS 15454 SDH versions 4.6(0) through 4.6(1)
Description:
The issue allows remote attackers to gain unauthorized access to the system by exploiting the TL1 login interface when a user account is configured with a blank password. This can be done by logging in with a password larger than 10 characters.
Recommendations:
For Cisco ONS 15327 versions 4.6(0) and 4.6(1), configure user accounts with non-blank passwords to prevent unauthorized access.
For Cisco ONS 15454 versions 4.6(0) and 4.6(1), configure user accounts with non-blank passwords to prevent unauthorized access.
For Cisco ONS 15454 SDH versions 4.6(0) and 4.6(1), configure user accounts with non-blank passwords to prevent unauthorized access.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Cisco Ons 15327
Cisco Ons 15454
Cisco Ons 15454 Sdh