Cisco Security Advisory 20040219 - Multiple vulnerabilities exist in the Cisco ONS 15327 Edge Optical Transport Platform, the Cisco ONS 15454 Optical Transport Platform, the Cisco ONS 15454 SDH Multiplexer Platform, and the Cisco ONS 15600 Multiservice Switching Platform. With one vulnerability, the TFTP service on UDP port 69 is enabled by default to allow both GET and PUT commands to be executed without any authentication. Another allows for an ACK Denial of Service (DoS) attack on TCP port 1080. Another involves telnet, where access to the underlying VxWorks operating system, by default, is restricted to Superusers only. Due to this vulnerability, a superuser whose account is locked out, disabled, or suspended is still able to login into the VxWorks shell, using their previously configured password.
