MidnightBSD

Advisories for alcatel-lucent

CVE-2002-0293 MEDIUM

FTP service in Alcatel OmniPCX 4400 allows the "halt" user to gain root privileges by modifying root's .profile file.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
alcatel-lucent omnipcx 4400
CVE-2002-0294 LOW

Alcatel 4400 installs the /chetc/shutdown command with setgid privileges, which allows many different local users to shut down the system.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
alcatel-lucent omnipcx 4400
CVE-2002-0295 MEDIUM

Alcatel OmniPCX 4400 installs files with world-writable permissions, which allows local users to reconfigure the system and possibly gain privileges.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
alcatel-lucent omnipcx 4400
CVE-2002-1691 HIGH

Alcatel OmniPCX 4400 installs known user accounts and passwords in the /etc/password file by default, which allows remote attackers to gain unauthorized access.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
alcatel-lucent omnipcx 4400
CVE-2003-1108 MEDIUM

The Session Initiation Protocol (SIP) implementation in Alcatel OmniPCX Enterprise 5.0 Lx allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
alcatel-lucent omnipcx 5.0
CVE-2010-3279 HIGH

The default configuration of the CCAgent option before 9.0.8.4 in the management server (aka TSA) component in Alcatel-Lucent OmniTouch Contact Center Standard Edition enables maintenance access, which allows remote attackers to monitor or reconfigure Contact Center operations via vectors involving TSA_maintenance.exe.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-16,

Products Affected

Vendor Product Version
alcatel-lucent ccagent *
alcatel-lucent ccagent 7.1
alcatel-lucent omnitouch_contact_center -
CVE-2010-3280 MEDIUM

The CCAgent option 9.0.8.4 and earlier in the management server (aka TSA) component in Alcatel-Lucent OmniTouch Contact Center Standard Edition relies on client-side authorization checking, and unconditionally sends the SuperUser password to the client for use during an authorized session, which allows remote attackers to monitor or reconfigure Contact Center operations via a modified client application.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
alcatel-lucent ccagent *
alcatel-lucent ccagent 7.1
alcatel-lucent omnitouch_contact_center -
CVE-2010-3281 MEDIUM

Stack-based buffer overflow in the HTTP proxy service in Alcatel-Lucent OmniVista 4760 server before R5.1.06.03.c_Patch3 allows remote attackers to execute arbitrary code or cause a denial of service (service crash) via a long request.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
alcatel-lucent omnivista_4760_server 4.1.13.00
alcatel-lucent omnivista_4760_server 5.1
alcatel-lucent omnivista_4760_server *
alcatel-lucent omnivista_4760_server 5.0
alcatel-lucent omnivista_4760_server 5.1.06.03.c
CVE-2011-0344 MEDIUM

Multiple stack-based buffer overflows in unspecified CGI programs in the Unified Maintenance Tool web interface in the embedded web server in the Communication Server (CS) in Alcatel-Lucent OmniPCX Enterprise before R9.0 H1.301.50 allow remote attackers to execute arbitrary code via crafted HTTP headers.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
alcatel-lucent omnipcx 6.2
alcatel-lucent omnipcx 7.0
alcatel-lucent omnipcx *
alcatel-lucent omnipcx 7.1
alcatel-lucent omnipcx 5.0
alcatel-lucent omnipcx 8.0
CVE-2011-0345 LOW

Directory traversal vulnerability in the NMS server in Alcatel-Lucent OmniVista 4760 R5.1.06.03 and earlier allows remote attackers to read arbitrary files via directory traversal sequences in HTTP GET requests, related to the lang variable.

CVSS 2.0

Severity: LOW

Problem Type: CWE-22,

Products Affected

Vendor Product Version
alcatel-lucent omnivista *
alcatel-lucent omnivista 4760_r5.0.07.05
CVE-2013-4653 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in the signin functionality of ics in MyTeamwork services in Alcatel-Lucent Omnitouch 8660 My Teamwork before 6.7, Omnitouch 8670 Automated Message Delivery System (AMDS) before 6.7, Omnitouch 8460 Advanced Communication Server before 9.1, and OmniTouch 8400 Instant Communications Suite before 6.7.3 (1) allow remote attackers to inject arbitrary web script or HTML via a crafted URL that results in a reflected XSS or (2) allow user-assisted remote attackers to inject arbitrary web script or HTML via a user's personal bookmark entry that results in a stored XSS via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
alcatel-lucent omnitouch_8460_advanced_communication_server *
alcatel-lucent omnitouch_8660_my_teamwork *
alcatel-lucent omnitouch_8400_instant_communications_suite *
alcatel-lucent omnitouch_8670_automated_delivery_message_delivery_system *
CVE-2015-2804 MEDIUM

The management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, and 6855 with firmware before 6.6.4.309.R01 and 6.6.5.x before 6.6.5.80.R02 generates weak session identifiers, which allows remote attackers to hijack arbitrary sessions via a brute force attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
alcatel-lucent omniswitch_firmware *
CVE-2015-2805 MEDIUM

Cross-site request forgery (CSRF) vulnerability in sec/content/sec_asa_users_local_db_add.html in the management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, 6855, 6900, 10K, and 6860 with firmware 6.4.5.R02, 6.4.6.R01, 6.6.4.R01, 6.6.5.R02, 7.3.2.R01, 7.3.3.R01, 7.3.4.R01, and 8.1.1.R01 allows remote attackers to hijack the authentication of administrators for requests that create users via a crafted request.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
alcatel-lucent omniswitch_firmware *
CVE-2015-4586 MEDIUM

Cross-site request forgery (CSRF) vulnerability in Alcatel-Lucent CellPipe 7130 RG 5Ae.M2013 HOL with firmware 1.0.0.20h.HOL allows remote attackers to hijack the authentication of administrators for requests that create a user account via an add_user action in a request to password.cmd.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
alcatel-lucent cellpipe_7130_rg_5ae.m2013_hol_firmware 1.0.0.20h.hol
CVE-2015-4587 MEDIUM

Cross-site scripting (XSS) vulnerability in the Alcatel-Lucent CellPipe 7130 router with firmware 1.0.0.20h.HOL allows remote attackers to inject arbitrary web script or HTML via the "Custom application" field in the "port triggering" menu.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
alcatel-lucent cellpipe_7130_router_firmware 1.0.0.20h.hol
CVE-2015-6498 MEDIUM

Alcatel-Lucent Home Device Manager before 4.1.10, 4.2.x before 4.2.2 allows remote attackers to spoof and make calls as target devices.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-254,

Products Affected

Vendor Product Version
alcatel-lucent home_device_manager *
alcatel-lucent home_device_manager 4.2.0
alcatel-lucent home_device_manager 4.2.1
CVE-2015-8687 LOW

Multiple cross-site scripting (XSS) vulnerabilities in the Management Console in Alcatel-Lucent Motive Home Device Manager (HDM) before 4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) deviceTypeID parameter to DeviceType/getDeviceType.do; the (2) policyActionClass or (3) policyActionName parameter to PolicyAction/findPolicyActions.do; the deviceID parameter to (4) SingleDeviceMgmt/getDevice.do or (5) device/editDevice.do; the operation parameter to (6) ajax.do or (7) xmlHttp.do; or the (8) policyAction, (9) policyClass, or (10) policyName parameter to policy/findPolicies.do.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
alcatel-lucent motive_home_device_manager *
CVE-2016-9796 HIGH

Alcatel-Lucent OmniVista 8770 2.0 through 3.0 exposes different ORBs interfaces, which can be queried using the GIOP protocol on TCP port 30024. An attacker can bypass authentication, and OmniVista invokes methods (AddJobSet, AddJob, and ExecuteNow) that can be used to run arbitrary commands on the server, with the privilege of NT AUTHORITY\SYSTEM on the server. NOTE: The discoverer states "The vendor position is to refer to the technical guidelines of the product security deployment to mitigate this issue, which means applying proper firewall rules to prevent unauthorised clients to connect to the OmniVista server."

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,CWE-287,

Products Affected

Vendor Product Version
alcatel-lucent omnivista_8770_network_management_system 2.0
alcatel-lucent omnivista_8770_network_management_system 3.0
alcatel-lucent omnivista_8770_network_management_system 2.6