The installation of Cisco Transport Controller (CTC) for Cisco Optical Networking System (ONS) 15000 series nodes adds a Java policy file entry with a wildcard that grants the java.security.AllPermission permission to any http URL containing "fs/LAUNCHER.jar", which allows remote malicious users to execute arbitrary code on a CTC workstation, aka bug ID CSCea25049.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
cisco transport controller 4.0.x |
||
cisco optical networking systems software 3.3.0 |
||
cisco optical networking systems software 3.4.0 |
||
cisco optical networking systems software 4.1\\(3\\) |
||
cisco optical networking systems software 4.1.4 |
||
cisco optical networking systems software 1.3\\(0\\) |
||
cisco ons 15310-cl series 0 |
||
cisco optical networking systems software 4.0.0 |
||
cisco optical networking systems software 4.0\\(1\\) |
||
cisco optical networking systems software 4.6\\(0\\) |
||
cisco optical networking systems software 4.6\\(1\\) |
||
cisco ons 15600 0 |
||
cisco optical networking systems software 3.0 |
||
cisco optical networking systems software 4.0\\(2\\) |
||
cisco optical networking systems software 4.1\\(0\\) |
||
cisco ons 15454 mspp |
||
cisco optical networking systems software 1.0 |
||
cisco optical networking systems software 1.1 |
||
cisco optical networking systems software 3.1.0 |
||
cisco optical networking systems software 3.2 |
||
cisco optical networking systems software 4.1\\(1\\) |
||
cisco optical networking systems software 4.1\\(2\\) |
||
cisco optical networking systems software 1.1\\(0\\) |
||
cisco optical networking systems software 1.1\\(1\\) |
Vulmon