CVE-2008-3818 - OpenCVE

Cisco ONS 15310-CL, 15310-MA, 15327, 15454, 15454 SDH, and 15600 with software 7.0.2 through 7.0.6, 7.2.2, 8.0.x, 8.5.1, and 8.5.2 allows remote attackers to cause a denial of service (control-card reset) via a crafted TCP session.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:N/AC:L/Au:N/C:N/I:N/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Cisco	Ons Ons 15310-cl Ons 15327 Ons 15600 Ons 15310-ma Ons 15454sdh Ons 15454

Configuration 1 [-]

AND

OR	cpe:2.3:a:cisco:ons:7.0.2:::::::*
	cpe:2.3:a:cisco:ons:7.0.4:::::::*
	cpe:2.3:a:cisco:ons:7.0.5:::::::*
	cpe:2.3:a:cisco:ons:7.2.0:::::::*
	cpe:2.3:a:cisco:ons:7.2.2:::::::*
	cpe:2.3:a:cisco:ons:8.0:::::::*
	cpe:2.3:a:cisco:ons:8.5.0:::::::*
	cpe:2.3:a:cisco:ons:8.5.1:::::::*
	cpe:2.3:a:cisco:ons:8.5.2:::::::*

OR	cpe:2.3:h:cisco:ons_15310-cl::::::::
	cpe:2.3:h:cisco:ons_15310-ma::::::::
	cpe:2.3:h:cisco:ons_15327::::::::
	cpe:2.3:h:cisco:ons_15454::::::::
	cpe:2.3:h:cisco:ons_15454sdh::::::::
	cpe:2.3:h:cisco:ons_15600::::::::

References

Link	Resource
http://securitytracker.com/id?1021592
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a5c4fa.shtml	Vendor Advisory
http://www.securityfocus.com/bid/33261
http://www.vupen.com/english/advisories/2009/0139
https://exchange.xforce.ibmcloud.com/vulnerabilities/47940

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: cisco

Published: 2009-01-16T21:00:00

Updated: 2017-08-07T12:57:01

Reserved: 2008-08-27T00:00:00

Link: CVE-2008-3818

JSON object: View

NVD Information

Status : Modified

Published: 2009-01-16T21:30:00.187

Modified: 2017-08-08T01:32:11.387

Link: CVE-2008-3818

JSON object: View

Redhat Information

No data.

CWE

CWE-20

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-01-14T00:00:00", "descriptions": [{"lang": "en", "value": "Cisco ONS 15310-CL, 15310-MA, 15327, 15454, 15454 SDH, and 15600 with software 7.0.2 through 7.0.6, 7.2.2, 8.0.x, 8.5.1, and 8.5.2 allows remote attackers to cause a denial of service (control-card reset) via a crafted TCP session."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "cisco-ons-controlcard-dos(47940)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47940"}, {"name": "ADV-2009-0139", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/0139"}, {"name": "20090114 Cisco ONS Platform Crafted Packet Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a5c4fa.shtml"}, {"name": "1021592", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1021592"}, {"name": "33261", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/33261"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2008-3818", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cisco ONS 15310-CL, 15310-MA, 15327, 15454, 15454 SDH, and 15600 with software 7.0.2 through 7.0.6, 7.2.2, 8.0.x, 8.5.1, and 8.5.2 allows remote attackers to cause a denial of service (control-card reset) via a crafted TCP session."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "cisco-ons-controlcard-dos(47940)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47940"}, {"name": "ADV-2009-0139", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/0139"}, {"name": "20090114 Cisco ONS Platform Crafted Packet Vulnerability", "refsource": "CISCO", "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a5c4fa.shtml"}, {"name": "1021592", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1021592"}, {"name": "33261", "refsource": "BID", "url": "http://www.securityfocus.com/bid/33261"}]}}}}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2008-3818", "datePublished": "2009-01-16T21:00:00", "dateReserved": "2008-08-27T00:00:00", "dateUpdated": "2017-08-07T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:ons:7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "1A4A568B-304B-4523-9441-1179D372BA83", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:ons:7.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "5DCC483E-B58E-403C-8080-FB0B0DCB777F", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:ons:7.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "37416556-05E2-48F8-ABED-038459B0FBA5", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:ons:7.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "6D2E8DD7-5086-4073-990B-5F5D92FAEF33", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:ons:7.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "1449B3C0-A485-4E8A-8337-64C1E85596E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:ons:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "682C2AF5-EB85-437B-A147-5CB92610A8C3", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:ons:8.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "49A99E5A-6190-458F-9191-5CEA774F121C", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:ons:8.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "3EE6182B-2A77-47B1-AB8A-8E12C2CD905E", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:ons:8.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "62992D9B-8D46-436A-B115-F7B687A24776", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ons_15310-cl:*:*:*:*:*:*:*:*", "matchCriteriaId": "67D1F3C9-85A5-44F9-8198-28FFDF87A3C0", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ons_15310-ma:*:*:*:*:*:*:*:*", "matchCriteriaId": "3769407E-D311-45DF-86D7-46098F5B6C36", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ons_15327:*:*:*:*:*:*:*:*", "matchCriteriaId": "6F98E52B-161E-41B7-BCFD-EA6E53FA23B4", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ons_15454:*:*:*:*:*:*:*:*", "matchCriteriaId": "054BA906-B607-4A65-A6E3-D3D7F8096235", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ons_15454sdh:*:*:*:*:*:*:*:*", "matchCriteriaId": "8FE53BD6-BE23-40A5-BE4E-62B3088EC8B8", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ons_15600:*:*:*:*:*:*:*:*", "matchCriteriaId": "811149AD-89DC-4D93-A598-F6318C9EA64B", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Cisco ONS 15310-CL, 15310-MA, 15327, 15454, 15454 SDH, and 15600 with software 7.0.2 through 7.0.6, 7.2.2, 8.0.x, 8.5.1, and 8.5.2 allows remote attackers to cause a denial of service (control-card reset) via a crafted TCP session."}, {"lang": "es", "value": "Cisco ONS 15310-CL, 15310-MA, 15327, 15454, 15454 SDH, y 15600 con software v7.0.2 hasta v7.0.6, v7.2.2, v8.0.x, v8.5.1, y v8.5.2 permite a atacantes remotos causar una denegaci\u00f3n de servicio (reinicio de tarjeta de control) mediante una sesi\u00f3n TCP manipulada."}], "id": "CVE-2008-3818", "lastModified": "2017-08-08T01:32:11.387", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-01-16T21:30:00.187", "references": [{"source": "ykramarz@cisco.com", "url": "http://securitytracker.com/id?1021592"}, {"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a5c4fa.shtml"}, {"source": "ykramarz@cisco.com", "url": "http://www.securityfocus.com/bid/33261"}, {"source": "ykramarz@cisco.com", "url": "http://www.vupen.com/english/advisories/2009/0139"}, {"source": "ykramarz@cisco.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47940"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}