Remote Privilege Escalation in Cisco ONS15454 and ONS15327 Products
CVE-2002-1558

Currently unrated

Key Information:

Vendor: Cisco
Status: Optical Networking Systems Software
Vendor: CVE Published:; 31 March 2003

Summary

The Cisco ONS15454 and ONS15327 products, running ONS versions prior to 3.4, contain a default account for the VxWorks Operating System that cannot be changed or disabled. This vulnerability allows remote attackers to connect to the account via Telnet, potentially gaining unauthorized privileges and access to the system. It is crucial for users of these products to take immediate action to secure their installations.

References

http://www.iss.net/security_center/static/10510.php

vdb-entryx_refsource_XF

http://www.securityfocus.com/bid/6083

vdb-entryx_refsource_BID

http://www.cisco.com/warp/public/707/ons-multiple-vuln-pu...

vendor-advisoryx_refsource_CISCO

Timeline

Vulnerability published
Mar 31, 2003
Vulnerability Reserved
Mar 4, 2003