Fixes and mitigations are available to address vulnerabilities in 3Com OfficeConnect DSL routers and in several Cisco optical network components that could allow unauthorized access and denial of service attacks.
3Com's OfficeConnect DSL router has a vulnerability in its Web administration interface that allows any local user to reboot the router without authentication, resulting in denial of service. Remote attacks are possible if the Web interface is exposed on the router's WAN interface, or if a local user clicks on a link to a malicious Web page. The problem affects versions 812 1.1.7, 812 1.1.9 and 812 2.0.
Several Cisco optical network components contain multiple vulnerabilities. Information about fixes is available in the advisory.
The first is in the TFTP service on UDP port 69, which is enabled by default and allows GET and PUT commands without authentication. An attacker can upload maliciously altered system files, which could cause a denial of service. Administrators can mitigate the problem with access control lists that allow only valid network management workstations to gain TFTP access.
The second issue occurs on TCP port 1080, which is vulnerable to an ACK denial of service attack. Administrators can also use access control lists to mitigate this problem by restricting TCP port 1080 access.
Another vulnerability can allow a superuser whose account has been locked, disabled or suspended to log in to the VxWorks shell via Telnet, permitting unauthorized access. Administrators can also mitigate this problem with access control lists limiting Telnet access.
These vulnerabilities affect the Cisco ONS 15327 Edge Optical Transport Platform, versions 4.1(0) through 4.1(2) and 4.0(x); the Cisco ONS 15454 Optical Transport Platform and SDH Multiplexer Platform, versions 4.5(x), 4.1(0) through 4.1(2), and 4.0(x); and the Cisco ONS 15600 Multiservice Switching Platform, versions 1.x(x) except 1.1(1).
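The three access control list mitigations above can be expressed as a single filter on the router that fronts the ONS management network. The following is an added example in Cisco IOS extended ACL syntax, not configuration from the advisory; the management workstation addresses (192.0.2.10, 192.0.2.11), the ONS subnet (198.51.100.0/24) and the interface name are assumptions for illustration.

```text
! Added example, not from the Cisco advisory. Assumes an IOS router in front of
! the ONS nodes; 192.0.2.10 and 192.0.2.11 are the assumed network management
! workstations and 198.51.100.0/24 is the assumed subnet holding the ONS nodes.
ip access-list extended ONS-MGMT-IN
 ! TFTP (UDP 69): only management workstations may reach the nodes
 permit udp host 192.0.2.10 198.51.100.0 0.0.0.255 eq tftp
 permit udp host 192.0.2.11 198.51.100.0 0.0.0.255 eq tftp
 deny   udp any 198.51.100.0 0.0.0.255 eq tftp log
 ! TCP 1080: same restriction, so only management hosts can reach the port
 permit tcp host 192.0.2.10 198.51.100.0 0.0.0.255 eq 1080
 permit tcp host 192.0.2.11 198.51.100.0 0.0.0.255 eq 1080
 deny   tcp any 198.51.100.0 0.0.0.255 eq 1080 log
 ! Telnet (TCP 23) to the VxWorks shell, limited the same way
 permit tcp host 192.0.2.10 198.51.100.0 0.0.0.255 eq telnet
 permit tcp host 192.0.2.11 198.51.100.0 0.0.0.255 eq telnet
 deny   tcp any 198.51.100.0 0.0.0.255 eq telnet log
 ! all other traffic is left to existing policy
 permit ip any any
!
interface GigabitEthernet0/1
 description assumed interface facing the ONS management subnet
 ip access-group ONS-MGMT-IN out
```

The `log` keyword on each deny entry records attempts to reach TFTP, port 1080 or Telnet from hosts outside the management set, which gives operators a syslog signal for both misconfigured tooling and probing.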