Cisco Transport Controller vulnerabilities

CVE-2006-1672 [HIGH] CVE-2006-1672: The installation of Cisco Transport Controller (CTC) for Cisco Optical Networking System (ONS) 15000 The installation of Cisco Transport Controller (CTC) for Cisco Optical Networking System (ONS) 15000 series nodes adds a Java policy file entry with a wildcard that grants the java.security.AllPermission permission to any http URL containing "fs/LAUNCHER.jar", which allows remote attackers to execute arbitrary code on a CTC workstation, aka bug ID CSCea25049.

CVE-2006-1671 [MEDIUM] CVE-2006-1671: Control cards for Cisco Optical Networking System (ONS) 15000 series nodes before 20060405 allow rem Control cards for Cisco Optical Networking System (ONS) 15000 series nodes before 20060405 allow remote attackers to cause a denial of service (card reset) via (1) a "crafted" IP packet to a device with secure mode EMS-to-network-element access, aka bug ID CSCsc51390; (2) a "crafted" IP packet to a device with IP on the LAN interface, aka bug ID CSCsd04168; a