CVE-2006-1671

CWE-399 CWE-94 — Code Injection4 documents4 sources

Severity

5.0MEDIUM

EPSS

2.5%

top 14.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco ONS 15310-cl Series Cisco ONS 15600 Cisco Optical Networking Systems Software +1 more

Timeline

PublishedApr 7

Latest updateMay 1

Description

Control cards for Cisco Optical Networking System (ONS) 15000 series nodes before 20060405 allow remote attackers to cause a denial of service (card reset) via (1) a "crafted" IP packet to a device with secure mode EMS-to-network-element access, aka bug ID CSCsc51390; (2) a "crafted" IP packet to a device with IP on the LAN interface, aka bug ID CSCsd04168; and (3) a "malformed" OSPF packet, aka bug ID CSCsc54558.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages4 packages

▶NVDcisco/optical_networking_systems_software20 versions+19

▶NVDcisco/ons_15310-cl_series0

▶NVDcisco/transport_controller4.0.x

▶NVDcisco/ons_156000

🔴Vulnerability Details

GHSA

GHSA-58gc-2cp7-m5wg: Control cards for Cisco Optical Networking System (ONS) 15000 series nodes before 20060405 allow remote attackers to cause a denial of service (card r↗2022-05-01

▶

CVEList

CVE-2006-1671: Control cards for Cisco Optical Networking System (ONS) 15000 series nodes before 20060405 allow remote attackers to cause a denial of service (card r↗2006-04-07

▶

📋Vendor Advisories

Cisco

Cisco Optical Networking System 15000 Series and Cisco Transport Controller Vulnerabilities↗2006-04-05

▶