search menu icon-carat-right cmu-wordmark
Carnegie Mellon University

Software Engineering Institute

CERT Coordination Center

Cisco Transaction Language 1 (TL1) interface fails to properly validate accounts with blank passwords

Vulnerability Note VU#760432

Original Release Date: 2004-07-27 | Last Revised: 2004-08-05

Overview

There is a vulnerability in the Cisco Transaction Language 1 (TL1) login interface that could allow a remote attacker to gain access to a Cisco ONS device.

Description

Transaction Language 1 (TL1) is a widely used telecommunications management protocol. A default account, CISCO15, contains a blank password, which is to be changed during the install process. There is a vulnerability in the way the TL1 login interface processes long passwords that could permit an attacker to access the Cisco ONS device for accounts that have a blank password. A remote attacker could successfully authenticate to such an account using any password longer than ten characters. The CISCO15 account has super-user privileges.

Note: This issues does not affect the CTC login interface.

Vulnerable:
Cisco ONS 15327 Edge Optical Transport Platform releases:

    • 4.6(0) and 4.6(1)

Cisco ONS 15454 Optical Transport Platform releases:
    • 4.6(0) and 4.6(1)

Cisco ONS 15454 SDH Multiplexer Platform releases:
    • 4.6(0) and 4.6(1)

Not Vulnerable:
Cisco ONS 15600 Multiservice Switching Platform

Impact

A remote attacker could gain access to an account with a blank password set.

Solution

Upgrade

Please refer to the "Software Versions and Fixes" section of the Cisco Advisory for more information on upgrading.

Vendor Information

760432
 
Expand all

Cisco Systems Inc. Affected

Updated:  July 27, 2004

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please refer to the Cisco Advisory "Cisco ONS 15327, ONS 15454, ONS 15454 SDH, and ONS 15600 Malformed Packet Vulnerabilities".

If you have feedback, comments, or additional information about this vulnerability, please send us email.


CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

Acknowledgements

This vulnerability was reported by the Cisco Systems Product Security Incident Response Team (PSIRT).

This document was written by Damon Morda based on information provided by Cisco.

Other Information

CVE IDs: None
Severity Metric: 7.09
Date Public: 2004-07-21
Date First Published: 2004-07-27
Date Last Updated: 2004-08-05 17:55 UTC
Document Revision: 21

Sponsored by CISA.

Download PGP Key

Read CERT/CC Blog

Learn about Vulnerability Analysis