The installation of Cisco Transport Controller (CTC) for Cisco Optical Networking System (ONS) 15000 series nodes adds a Java policy file entry with a wildcard that grants the java.security.AllPermission permission to any http URL containing "fs/LAUNCHER.jar", which allows remote malicious users to execute arbitrary code on a CTC workstation, aka bug ID CSCea25049.
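As an added example (not code from Cisco or from this page), the following Python audit scans Java policy text for the pattern described above: a `grant` entry that gives `java.security.AllPermission` to a remote `codeBase`, especially one containing a wildcard. The policy text is a constructed sample, not the file that CTC installs, and the function names are hypothetical.

```python
import re

# Constructed sample policy text for illustration only.
SAMPLE_POLICY = """
grant codeBase "http://*/fs/LAUNCHER.jar" {
    permission java.security.AllPermission;
};
grant codeBase "file:/opt/jre/lib/ext/*" {
    permission java.security.AllPermission;
};
grant codeBase "https://ctc.example.internal/fs/LAUNCHER.jar" {
    permission java.security.AllPermission;
};
grant {
    permission java.util.PropertyPermission "java.version", "read";
};
"""

# Header may contain quoted strings (which can hold braces); body runs to "};".
GRANT_RE = re.compile(r'grant\b((?:"[^"]*"|[^{"])*)\{(.*?)\}\s*;', re.S)
CODEBASE_RE = re.compile(r'codeBase\s+"([^"]*)"', re.I)

def strip_comments(text):
    """Drop /* ... */ blocks and whole-line // comments (URLs keep their //)."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'^\s*//.*$', '', text, flags=re.M)

def risky_grants(policy_text):
    """Return (codeBase, reason) for each over-broad AllPermission grant."""
    findings = []
    for header, body in GRANT_RE.findall(strip_comments(policy_text)):
        if 'java.security.AllPermission' not in body:
            continue
        match = CODEBASE_RE.search(header)
        if match is None:
            findings.append((None, 'AllPermission granted to all code'))
            continue
        codebase = match.group(1)
        lowered = codebase.lower()
        if not lowered.startswith(('http://', 'https://')):
            continue  # local codeBase: outside the scope of this check
        if '*' in codebase or codebase.endswith('/-'):
            findings.append((codebase, 'AllPermission for wildcard remote codeBase'))
        elif lowered.startswith('http://'):
            findings.append((codebase, 'AllPermission for code fetched over cleartext HTTP'))
    return findings

if __name__ == '__main__':
    for codebase, reason in risky_grants(SAMPLE_POLICY):
        print(f'{codebase!r}: {reason}')
```

On a workstation, feed it the contents of the JRE's `java.policy` and the user's `.java.policy`, the usual locations for such entries.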
Vulnerable Product |
---|
cisco transport controller 4.0.x |
cisco ons 15454 mspp |
cisco ons 15600 0 |
cisco ons 15310-cl series 0 |
cisco optical networking systems software 3.2 |
cisco optical networking systems software 3.3.0 |
cisco optical networking systems software 3.4.0 |
cisco optical networking systems software 4.0.0 |
cisco optical networking systems software 3.1.0 |
cisco optical networking systems software 4.6(1) |
cisco optical networking systems software 1.0 |
cisco optical networking systems software 1.1 |
cisco optical networking systems software 1.1(0) |
cisco optical networking systems software 1.1(1) |
cisco optical networking systems software 4.1(2) |
cisco optical networking systems software 4.1(3) |
cisco optical networking systems software 4.1.4 |
cisco optical networking systems software 4.6(0) |
cisco optical networking systems software 4.0(2) |
cisco optical networking systems software 4.1(0) |
cisco optical networking systems software 4.1(1) |
cisco optical networking systems software 4.0(1) |
cisco optical networking systems software 1.3(0) |
cisco optical networking systems software 3.0 |