Vulnerability Description
The Transaction Language 1 (TL1) login interface in Cisco ONS 15327 4.6(0) and 4.6(1) and 15454 and 15454 SDH 4.6(0) and 4.6(1), when a user account is configured with a blank password, allows remote attackers to gain unauthorized access by logging in with a password larger than 10 characters.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Optical Networking Systems Software | 1.0 |
References
- http://secunia.com/advisories/12117
- http://www.cisco.com/warp/public/707/cisco-sa-20040721-ons.shtmlVendor Advisory
- http://www.kb.cert.org/vuls/id/760432Third Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/10768
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16766
- http://secunia.com/advisories/12117
- http://www.cisco.com/warp/public/707/cisco-sa-20040721-ons.shtmlVendor Advisory
- http://www.kb.cert.org/vuls/id/760432Third Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/10768
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16766
FAQ
What is CVE-2004-1436?
CVE-2004-1436 is a vulnerability with a CVSS score of 7.5 (HIGH). The Transaction Language 1 (TL1) login interface in Cisco ONS 15327 4.6(0) and 4.6(1) and 15454 and 15454 SDH 4.6(0) and 4.6(1), when a user account is configured with a blank password, allows remote ...
How severe is CVE-2004-1436?
CVE-2004-1436 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-1436?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Optical Networking Systems Software.