CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
High
EPSS
Percentile
95.6%
The installation of Cisco Transport Controller (CTC) for Cisco Optical Networking System (ONS) 15000 series nodes adds a Java policy file entry with a wildcard that grants the java.security.AllPermission permission to any http URL containing “fs/LAUNCHER.jar”, which allows remote attackers to execute arbitrary code on a CTC workstation, aka bug ID CSCea25049.
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | transport_controller | 4.0.x | cpe:2.3:a:cisco:transport_controller:4.0.x:*:*:*:*:*:*:* |
cisco | optical_networking_systems_software | 1.0 | cpe:2.3:a:cisco:optical_networking_systems_software:1.0:*:*:*:*:*:*:* |
cisco | optical_networking_systems_software | 1.1 | cpe:2.3:a:cisco:optical_networking_systems_software:1.1:*:*:*:*:*:*:* |
cisco | optical_networking_systems_software | 1.1(0) | cpe:2.3:a:cisco:optical_networking_systems_software:1.1\(0\):*:*:*:*:*:*:* |
cisco | optical_networking_systems_software | 1.1(1) | cpe:2.3:a:cisco:optical_networking_systems_software:1.1\(1\):*:*:*:*:*:*:* |
cisco | optical_networking_systems_software | 1.3(0) | cpe:2.3:a:cisco:optical_networking_systems_software:1.3\(0\):*:*:*:*:*:*:* |
cisco | optical_networking_systems_software | 3.0 | cpe:2.3:a:cisco:optical_networking_systems_software:3.0:*:*:*:*:*:*:* |
cisco | optical_networking_systems_software | 3.1.0 | cpe:2.3:a:cisco:optical_networking_systems_software:3.1.0:*:*:*:*:*:*:* |
cisco | optical_networking_systems_software | 3.2 | cpe:2.3:a:cisco:optical_networking_systems_software:3.2:*:*:*:*:*:*:* |
cisco | optical_networking_systems_software | 3.3.0 | cpe:2.3:a:cisco:optical_networking_systems_software:3.3.0:*:*:*:*:*:*:* |