we track for your security since 1999

vulnerabilities

The Vigil@nce team watches vulnerabilities impacting your computers, and then offers solutions, a database and tools to correct them.

recent vulnerabilities

tracked products

RSS feed

vulnerability

vulnerability alert CVE-2010-3279 CVE-2010-3280

Alcatel OmniTouch CC: administrative access via CCAgent

Synthesis of the vulnerability

An unauthenticated attacker can connect to Alcatel OmniTouch Contact Center in order to administer it.
Impacted products: OmniTouch CC Premium, OmniTouch Contact Center Standard.
Severity: 3/4.
Creation date: 21/09/2010.
Identifiers: BID-43340, CERTA-2010-AVI-454, CVE-2010-3279, CVE-2010-3280, n.runs-SA-2010.001, VIGILANCE-VUL-9961.

Description of the vulnerability

The CCAgent (Contact Center Agent) module is installed on client computers. It connects to the CCA Server installed with Alcatel OmniTouch Contact Center.

The Tsa_Maintainance.exe program is used to administer the Contact Center via CCA Server. However, no authentication is required.

Moreover, the server sends the administrator password to the client.

An unauthenticated attacker can therefore connect to Alcatel OmniTouch Contact Center in order to administer it.
Complete Vigil@nce bulletin.... (free access)

Share this bulletin

Computer vulnerabilities tracking service

Vigil@nce provides an application vulnerability workaround. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications. The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system.