vulnerability alert CVE-2010-3279 CVE-2010-3280
Alcatel OmniTouch CC: administrative access via CCAgent
Synthesis of the vulnerability
An unauthenticated attacker can connect to Alcatel OmniTouch Contact Center in order to administer it.
Impacted products: OmniTouch CC Premium, OmniTouch Contact Center Standard.
Identifiers: BID-43340, CERTA-2010-AVI-454, CVE-2010-3279, CVE-2010-3280, n.runs-SA-2010.001, VIGILANCE-VUL-9961.
Description of the vulnerability
The CCAgent (Contact Center Agent) module is installed on client computers. It connects to the CCA Server installed with Alcatel OmniTouch Contact Center.
The Tsa_Maintainance.exe program is used to administer the Contact Center via CCA Server. However, no authentication is required.
Moreover, the server sends the administrator password to the client.
An unauthenticated attacker can therefore connect to Alcatel OmniTouch Contact Center in order to administer it.