From c92ad38fcbdfc74faee1f4273337a32bd4e2460b Mon Sep 17 00:00:00 2001 From: Giulio Date: Sat, 28 Dec 2019 01:28:48 +0100 Subject: [PATCH] Added CVE and vendor statement --- README.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/README.md b/README.md index 605e095..511f712 100755 --- a/README.md +++ b/README.md @@ -8,6 +8,18 @@ * https://www.cvedetails.com/cve/CVE-2007-5190/ * https://github.com/malerisch/omnivista-8770-unauth-rce +## CVEs +The followinf CVEs have been assigned on 27/12/2019: + * 4760 pre-auth RCE [CVE-2019-20049](https://nvd.nist.gov/vuln/detail/CVE-2019-20049) + * 4760 and 8770 Directory manager credentials leak [CVE-2019-20047](https://nvd.nist.gov/vuln/detail/CVE-2019-20047) + * 8770 post-auth RCE [CVE-2019-20048](https://nvd.nist.gov/vuln/detail/CVE-2019-20048) + +Furthermore, (Alcatel-Lucent has published a statement acknowledging the issues)[https://www.al-enterprise.com/en/-/media/assets/internet/documents/sa-c0065-ov8770-rce-vulnerability-en.pdf]. + +## Fix +As per Alcatel-Lucent statement 4760 will remain unpatched as it is a discontinued product. +8770 should be fixed `4.1.2` and `4.2`. + ## Intro Alcatel OmniVista is a graphical interface to Alcatel OmniPCX, a common Voip solution. This software is used to manage the Voip accounts as well as to serve as a public directory. [Official product page](https://www.al-enterprise.com/en/products/communications-management-security/omnivista-8770-network-management-system).
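Review bot: The vendor-statement sentence in the new "CVEs" section has its Markdown link inverted, `(Alcatel-Lucent has published a statement acknowledging the issues)[https://...]`, so it will render as literal text rather than a link. Swap the delimiters to `[text](url)`, matching the three CVE links just above it. Two wording fixes in the same hunk: "The followinf CVEs" should read "The following CVEs", and in the "Fix" section "8770 should be fixed `4.1.2` and `4.2`" is missing a preposition (presumably "fixed in"). It would also help readers deciding whether to upgrade if that line stated whether `4.1.2` and `4.2` are the first fixed releases on each branch, as the vendor statement words it.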