Multiple vulnerabilities in Cisco Routed Passive Optical Network (PON) Controller Software
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) OS Command Injection
EUVDB-ID: #VU97229
Risk: Low
CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-20483
CWE-ID:
CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation. A remote administrator can pass specially crafted data to the application and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsRouted Passive Optical Network (PON) Controller Software: 24.1 - 24.3
NCS 540-24Q8L2DD-SYS Router : All versions
NCS 540-24Z8Q2C-SYS Router : All versions
NCS 540-28Z4C-SYS-A Router : All versions
NCS 540-28Z4C-SYS-D Router : All versions
NCS 540-ACC-SYS Router : All versions
NCS 540X-16Z4G8Q2C-A Router : All versions
NCS 540X-16Z4G8Q2C-D Router : All versions
NCS 55A1-24Q6H-SS: All versions
NCS 55A2-MOD-SE-S: All versions
Cisco Network Convergence System NCS-57C1-48Q6-SYS: All versions
NCS 57C3-MOD: All versions
CPE2.3- cpe:2.3:a:cisco_systems:routed_passive_optical_network_pon_controller_software:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco_systems:routed_passive_optical_network_pon_controller_software:24.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco_systems:routed_passive_optical_network_pon_controller_software:24.2:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:ncs_540-24q8l2dd-sys_router:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:ncs_540-24z8q2c-sys_router:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:ncs_540-28z4c-sys-a_router:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:ncs_540-28z4c-sys-d_router:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:ncs_540-acc-sys_router:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:ncs_540x-16z4g8q2c-a_router:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:ncs_540x-16z4g8q2c-d_router:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:ncs_55a1-24q6h-ss:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:ncs_55a2-mod-se-s:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_network_convergence_system_ncs-57c1-48q6-sys:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:ncs_57c3-mod:*:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Cleartext storage of sensitive information
EUVDB-ID: #VU97231
Risk: Low
CVSSv3.1: 7.3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-20489
CWE-ID:
CWE-312 - Cleartext Storage of Sensitive Information
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to improper storage of the unencrypted database credentials on the device. A local user can access the configuration files and view MongoDB credentials.
MitigationInstall updates from vendor's website.
Vulnerable software versionsRouted Passive Optical Network (PON) Controller Software: 24.1 - 24.3
NCS 540-24Q8L2DD-SYS Router : All versions
NCS 540-24Z8Q2C-SYS Router : All versions
NCS 540-28Z4C-SYS-A Router : All versions
NCS 540-28Z4C-SYS-D Router : All versions
NCS 540-ACC-SYS Router : All versions
NCS 540X-16Z4G8Q2C-A Router : All versions
NCS 540X-16Z4G8Q2C-D Router : All versions
NCS 55A1-24Q6H-SS: All versions
NCS 55A2-MOD-SE-S: All versions
Cisco Network Convergence System NCS-57C1-48Q6-SYS: All versions
NCS 57C3-MOD: All versions
CPE2.3- cpe:2.3:a:cisco_systems:routed_passive_optical_network_pon_controller_software:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco_systems:routed_passive_optical_network_pon_controller_software:24.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco_systems:routed_passive_optical_network_pon_controller_software:24.2:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:ncs_540-24q8l2dd-sys_router:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:ncs_540-24z8q2c-sys_router:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:ncs_540-28z4c-sys-a_router:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:ncs_540-28z4c-sys-d_router:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:ncs_540-acc-sys_router:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:ncs_540x-16z4g8q2c-a_router:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:ncs_540x-16z4g8q2c-d_router:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:ncs_55a1-24q6h-ss:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:ncs_55a2-mod-se-s:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_network_convergence_system_ncs-57c1-48q6-sys:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:ncs_57c3-mod:*:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
