Added CVE and vendor statement

2019-12-28 01:28:48 +01:00 · 2019-12-28 01:28:48 +01:00 · c92ad38fcb
commit c92ad38fcb
parent c0b4991ce1
1 changed files with 12 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -8,6 +8,18 @@
 * https://www.cvedetails.com/cve/CVE-2007-5190/
 * https://github.com/malerisch/omnivista-8770-unauth-rce

+## CVEs
+The followinf CVEs have been assigned on 27/12/2019:
+ * 4760 pre-auth RCE [CVE-2019-20049](https://nvd.nist.gov/vuln/detail/CVE-2019-20049)
+ * 4760 and 8770 Directory manager credentials leak [CVE-2019-20047](https://nvd.nist.gov/vuln/detail/CVE-2019-20047)
+ * 8770 post-auth RCE [CVE-2019-20048](https://nvd.nist.gov/vuln/detail/CVE-2019-20048)
+
+Furthermore, (Alcatel-Lucent has published a statement acknowledging the issues)[https://www.al-enterprise.com/en/-/media/assets/internet/documents/sa-c0065-ov8770-rce-vulnerability-en.pdf].
+
+## Fix
+As per Alcatel-Lucent statement 4760 will remain unpatched as it is a discontinued product. 
+8770 should be fixed `4.1.2` and `4.2`.
+
 ## Intro
 Alcatel OmniVista is a graphical interface to Alcatel OmniPCX, a common Voip solution. This software is used to manage the Voip accounts as well as to serve as a public directory. [Official product page](https://www.al-enterprise.com/en/products/communications-management-security/omnivista-8770-network-management-system).