| VID |
29026 |
| Severity |
40 |
| Port |
6778 |
| Protocol |
TCP |
| Class |
TELNET |
| Detailed Description |
The Alcatel OmniSwitch does not require a password for accessing the telnet server.
The OmniSwitch 7700/7800 running Alcatel Operating System (AOS) version 5.1.1 has TCP port 6778 listening as a telnet server. This gives anyone access to the OmniSwitch's Vx-Works operating system without requiring a password. An attacker can gain full access to any device running AOS version 5.1.1, which can result in, but is not limited to, unauthorized access, unauthorized monitoring, information leakage, or denial of service.
* Platforms Affected:
Alcatel OmniSwitch 7700/7800 switches running Alcatel Operating System (AOS) version 5.1.1
* References:
http://www.cert.org/advisories/CA-2002-32.html
http://www.ind.alcatel.com/nextgen/OmniSwitch_7000_brief.pdf |
| Recommendation |
Upgrade to AOS 5.1.1.R02 or AOS 5.1.1.R03. Contact Alcatel's Customer Support ( http://www.alcatel.com/support/ ) for the updated AOS.
As a workaround, block access to port 6778/TCP at your network perimeter. |
| Related URL |
CVE-2002-1272 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
