|
|
@@ -8,6 +8,18 @@
|
|
|
* https://www.cvedetails.com/cve/CVE-2007-5190/
|
|
|
* https://github.com/malerisch/omnivista-8770-unauth-rce
|
|
|
|
|
|
+## CVEs
|
|
|
+The followinf CVEs have been assigned on 27/12/2019:
|
|
|
+ * 4760 pre-auth RCE [CVE-2019-20049](https://nvd.nist.gov/vuln/detail/CVE-2019-20049)
|
|
|
+ * 4760 and 8770 Directory manager credentials leak [CVE-2019-20047](https://nvd.nist.gov/vuln/detail/CVE-2019-20047)
|
|
|
+ * 8770 post-auth RCE [CVE-2019-20048](https://nvd.nist.gov/vuln/detail/CVE-2019-20048)
|
|
|
+
|
|
|
+Furthermore, (Alcatel-Lucent has published a statement acknowledging the issues)[https://www.al-enterprise.com/en/-/media/assets/internet/documents/sa-c0065-ov8770-rce-vulnerability-en.pdf].
|
|
|
+
|
|
|
+## Fix
|
|
|
+As per Alcatel-Lucent statement 4760 will remain unpatched as it is a discontinued product.
|
|
|
+8770 should be fixed `4.1.2` and `4.2`.
|
|
|
+
|
|
|
## Intro
|
|
|
Alcatel OmniVista is a graphical interface to Alcatel OmniPCX, a common Voip solution. This software is used to manage the Voip accounts as well as to serve as a public directory. [Official product page](https://www.al-enterprise.com/en/products/communications-management-security/omnivista-8770-network-management-system).
|
|
|
|
