Wednesday, July 13, 2005

Cisco Security Advisory: Cisco ONS 15216 OADM Telnet Denial-of-Service Vulnerability

Via the Cisco website.

The Cisco ONS 15216 OADM (Optical Add/Drop Multiplexer) contains a vulnerability in the handling of telnet sessions that can cause a denial-of-service condition in the management plane. Traffic going through the Cisco ONS 15216 OADM (i.e. transit traffic), is not affected when the management plane is under a denial-of-service condition. However, clearing the denial-of-service condition on the management plane requires resetting the device, which impacts transit traffic.

Cisco has made free software available to address this vulnerability. There are workarounds available to mitigate the effects of the vulnerability.

Vulnerable Products

Only the Cisco ONS 15216 OADM running software release 2.2.2 and earlier is affected by the vulnerability described in this advisory.

To determine your software revision, launch a TL1 session and use the RTRV-NE-GEN command at the TL1 prompt to retrieve the software version information like in the following example:

> RTRV-NE-GEN:::100;

TID-000 98-06-20 14-30-00 M001COMPLD"VENDOR=CISCO, MODEL=SOADM-1CH-1530.33,
SN=0001,SOFTWARE=2.0.0, SOFTWAREUPDATE=1-3-2001,FIRMWARE=1.2.7,
FIRMWAREUPDATE=1-3-2001,CHANNUM=1,LAMBDA1=1530.33,ALM-LOSDROP-WEST-1=ON,
ALM-LOSDROP-EAST-1=ON,NAME=SOADM-1,LONGITUDE=100,LATITUDE=45,
IPADDRESS=10.0.0.2,IPMASK=255.0.0.0,A_POWER=OPERATING, B_POWER=OPERATING";

This output shows that ONS 15216 OADM is running software release 2.0.0.

0 Comments:

Post a Comment

<< Home