Denial of Service Vulnerability in Cisco ONS 15454 Controller Cards
CVE-2014-2139

Currently unrated

Key Information:

Vendor: Cisco
Status: Cisco Ons 15454 System Software; Ons 15454
Vendor: CVE Published:; 12 April 2014

Summary

The vulnerability allows remote attackers to exploit Cisco ONS 15454 controller cards running software versions 9.6 and earlier. By executing a TCP FIN attack, an attacker can trigger file-descriptor exhaustion, potentially leading to a denial of service condition. This exploit affects the normal operation of the controller, resulting in a flash write outage that compromises service availability.

References

http://tools.cisco.com/security/center/viewAlert.x?alertI...

x_refsource_CONFIRM

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

Timeline

Vulnerability published
Apr 12, 2014
Vulnerability Reserved
Feb 25, 2014