PT-2020-17149 · V Sol · V-Sol V1600D+4

Alexandre Torres +3 · Published 2020-11-29 · Updated 2021-07-21 · CVE-2020-29380

CVSS v3.1: 5.9 Medium

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

V-SOL V1600D versions V2.03.57 through V2.03.69
V-SOL V1600D4L version V1.01.49
V-SOL V1600D-MINI version V1.01.48
V-SOL V1600G1 versions V1.9.7 through V2.0.7
V-SOL V1600G2 version V1.1.4

Description

An issue was discovered in the V-SOL OLT devices where TELNET is offered by default, but SSH is not always available. This allows an attacker to intercept passwords sent in cleartext and conduct a man-in-the-middle attack on the management of the appliance.

Recommendations

For V-SOL V1600D versions V2.03.57 through V2.03.69, consider disabling the TELNET service and enabling SSH to encrypt management communications.
For V-SOL V1600D4L version V1.01.49, restrict access to the management interface to minimize the risk of exploitation.
For V-SOL V1600D-MINI version V1.01.48, avoid using the TELNET protocol for management until a secure alternative is available.
For V-SOL V1600G1 versions V1.9.7 through V2.0.7, configure the device to use SSH instead of TELNET for secure management.
For V-SOL V1600G2 version V1.1.4, limit access to the management interface to trusted sources only.

Weakness Enumeration

Cleartext Transmission of Sensitive Information
Insufficiently Protected Credentials

Related Identifiers

CVE-2020-29380

Affected Products

V-Sol V1600D
V-Sol V1600D-Mini
V-Sol V1600D4L
V-Sol V1600G1
V-Sol V1600G2