Added CVE and vendor statement
This commit is contained in:
parent
c0b4991ce1
commit
c92ad38fcb
12
README.md
12
README.md
@ -8,6 +8,18 @@
|
|||||||
* https://www.cvedetails.com/cve/CVE-2007-5190/
|
* https://www.cvedetails.com/cve/CVE-2007-5190/
|
||||||
* https://github.com/malerisch/omnivista-8770-unauth-rce
|
* https://github.com/malerisch/omnivista-8770-unauth-rce
|
||||||
|
|
||||||
|
## CVEs
|
||||||
|
The followinf CVEs have been assigned on 27/12/2019:
|
||||||
|
* 4760 pre-auth RCE [CVE-2019-20049](https://nvd.nist.gov/vuln/detail/CVE-2019-20049)
|
||||||
|
* 4760 and 8770 Directory manager credentials leak [CVE-2019-20047](https://nvd.nist.gov/vuln/detail/CVE-2019-20047)
|
||||||
|
* 8770 post-auth RCE [CVE-2019-20048](https://nvd.nist.gov/vuln/detail/CVE-2019-20048)
|
||||||
|
|
||||||
|
Furthermore, (Alcatel-Lucent has published a statement acknowledging the issues)[https://www.al-enterprise.com/en/-/media/assets/internet/documents/sa-c0065-ov8770-rce-vulnerability-en.pdf].
|
||||||
|
|
||||||
|
## Fix
|
||||||
|
As per Alcatel-Lucent statement 4760 will remain unpatched as it is a discontinued product.
|
||||||
|
8770 should be fixed `4.1.2` and `4.2`.
|
||||||
|
|
||||||
## Intro
|
## Intro
|
||||||
Alcatel OmniVista is a graphical interface to Alcatel OmniPCX, a common Voip solution. This software is used to manage the Voip accounts as well as to serve as a public directory. [Official product page](https://www.al-enterprise.com/en/products/communications-management-security/omnivista-8770-network-management-system).
|
Alcatel OmniVista is a graphical interface to Alcatel OmniPCX, a common Voip solution. This software is used to manage the Voip accounts as well as to serve as a public directory. [Official product page](https://www.al-enterprise.com/en/products/communications-management-security/omnivista-8770-network-management-system).
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user