{"vuid":"VU#181721","idnumber":"181721","name":"Alcatel Operating System (AOS) does not require a password for accessing the telnet server","keywords":["Alcatel","OmniSwitch","7700/7800","Alcatel Operating System","AOS","no password","telnet server","port 6778/tcp"],"overview":"The OmniSwitch 7700/7800 running Alcatel Operating System (AOS) version 5.1.1 has TCP port 6778 listening as a telnet server. This gives anyone access to the OmniSwitch's Vx-Works operating system without requiring a password.","clean_desc":"During an NMAP audit of the AOS 5.1.1 code that runs on the Alcatel OmniSwitch 7700/7800 LAN switches, it was determined a telnet server was listening on TCP port number 6778. This was used during development to access the Wind River Vx-Works operating system. Due to an oversight, this access was not removed prior to product release.","impact":"Anyone running NMAP on AOS 5.1.1 will see port 6778 listening. The attacker is able to telnet to the port and access the OmniSwitch operating system without a password. This backdoor compromises the entire system.","resolution":"1) Immediate - create an ACL blocking all access to TCP port 6778. 2) Short-term - Alcatel Customer Support has updated code that removes this backdoor. This fix is part of AOS 5.1.1.R02 and AOS 5.1.1.R03. Contact Customer Support for this updated code. 3) Permanent - the generally available AOS code--the code that ships with each OmniSwitch--will have this vulnerability removed as of AOS 5.1.3.","workarounds":"","sysaffected":"","thanks":"Thanks to Alcatel for reporting this vulnerability.","author":"This document was written by Alcatel's Olivier Paridaens and Jeff Hayes. This document was published by Ian A. Finlay.","public":["http://www.alcatel.com/support","http://www.ind.alcatel.com/nextgen/OmniSwitch_7000_brief.pdf","http://www.ind.alcatel.com/specs/index.cfm?cnt=7000"],"cveids":["CVE-2002-1272"],"certadvisory":"CA-2002-32","uscerttechnicalalert":null,"datecreated":"2002-11-20T15:01:43Z","publicdate":"2002-11-20T00:00:00Z","datefirstpublished":"2002-11-20T16:14:33Z","dateupdated":"2002-11-21T18:09:14Z","revision":20,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"18","cam_population":"10","cam_impact":"20","cam_easeofexploitation":"20","cam_attackeraccessrequired":"20","cam_scorecurrent":"49.5","cam_scorecurrentwidelyknown":"57","cam_scorecurrentwidelyknownexploited":"87","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":49.5,"vulnote":null}