Description
The Transaction Language 1 (TL1) login interface in Cisco ONS 15327 4.6(0) and 4.6(1), and in ONS 15454 and 15454 SDH 4.6(0) and 4.6(1), when a user account is configured with a blank password, allows remote attackers to gain unauthorized access by logging in with a password longer than 10 characters.
Product(s):
- Cisco Optical Networking Systems Software (ONS) 1.0
- Cisco Optical Networking Systems Software (ONS) 1.1
- Cisco Optical Networking Systems Software (ONS) 1.1(0)
- Cisco Optical Networking Systems Software (ONS) 1.1(1)
- Cisco Optical Networking Systems Software (ONS) 1.3(0)
- Cisco Optical Networking Systems Software (ONS) 2.3(5)
- Cisco Optical Networking Systems Software (ONS) 3.0
- Cisco Optical Networking Systems Software (ONS) 3.1.0
- Cisco Optical Networking Systems Software (ONS) 3.2.0
- Cisco Optical Networking Systems Software (ONS) 3.2
- Cisco Optical Networking Systems Software (ONS) 3.3.0
- Cisco Optical Networking Systems Software (ONS) 3.4.0
- Cisco Optical Networking Systems Software (ONS) 4.0.0
- Cisco Optical Networking Systems Software (ONS) 4.0(0)
- Cisco Optical Networking Systems Software (ONS) 4.0(1)
- Cisco Optical Networking Systems Software (ONS) 4.0(2)
- Cisco Optical Networking Systems Software (ONS) 4.1(0)
- Cisco Optical Networking Systems Software (ONS) 4.1(1)
- Cisco Optical Networking Systems Software (ONS) 4.1(2)
- Cisco Optical Networking Systems Software (ONS) 4.1(3)
- Cisco Optical Networking Systems Software (ONS) 4.5
- Cisco Optical Networking Systems Software (ONS) 4.6(0)
- Cisco Optical Networking Systems Software (ONS) 4.6(1)
Questions to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2004-1436, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2004-1436 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.