CVE-2004-0308

CVE-2004-0308 is a critical-severity vulnerability in Cisco Optical Networking Systems Software with a CVSS 2.0 base score of 10.0. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.

Key facts

Description

Unknown vulnerability in Cisco ONS 15327 before 4.1(3), ONS 15454 before 4.6(1), ONS 15454 SD before 4.1(3), and Cisco ONS15600 before 1.3(0) allows a superuser whose account is locked out, disabled, or suspended to gain unauthorized access via a Telnet connection to the VxWorks shell.

Frequently asked questions

What is CVE-2004-0308?
Unknown vulnerability in Cisco ONS 15327 before 4.1(3), ONS 15454 before 4.6(1), ONS 15454 SD before 4.1(3), and Cisco ONS15600 before 1.3(0) allows a superuser whose account is locked out, disabled, or suspended to gain unauthorized access via a Telnet connection to the VxWorks shell.
How severe is CVE-2004-0308?
CVE-2004-0308 has a CVSS 2.0 base score of 10.0, rated critical severity.
Is CVE-2004-0308 being actively exploited?
It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 2% (75th percentile), an estimate of the probability of exploitation in the next 30 days.
What products are affected by CVE-2004-0308?
CVE-2004-0308 primarily affects Cisco Optical Networking Systems Software. In total, 10 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
How do I fix CVE-2004-0308?
Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its critical severity, prioritise patching exposed systems.
When was CVE-2004-0308 published?
CVE-2004-0308 was published on 2004-11-24 and last updated on 2026-06-16.

References

Affected products (10)

More vulnerabilities in Cisco Optical Networking Systems Software

All CVEs affecting Cisco Optical Networking Systems Software →