The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Alcatel-Lucent 4760 NMS

computer vulnerability CVE-2016-9796

Alcatel-Lucent OmniVista: code execution via GIOP

Synthesis of the vulnerability

An unauthenticated attacker can exploit a vulnerability in Alcatel-Lucent OmniVista via GIOP, in order to run code.
Impacted products: OmniVista 4760 Network Management System.
Severity: 2/4.
Consequences: user access/rights.
Provenance: intranet client.
Creation date: 05/12/2016.
Identifiers: CVE-2016-9796, VIGILANCE-VUL-21265.

Description of the vulnerability

An unauthenticated attacker can exploit a vulnerability in Alcatel-Lucent OmniVista via GIOP, in order to run code.

Vulnerability announcement CVE-2011-0345

Alcatel OmniVista 4760: file reading

Synthesis of the vulnerability

An attacker can use a special HTTP GET query, in order to read the content of files located on the Alcatel OmniVista 4760 Network Management System computer.
Impacted products: OmniVista 4760 Network Management System.
Severity: 3/4.
Consequences: data reading.
Provenance: intranet client.
Creation date: 01/03/2011.
Identifiers: BID-46624, CERTA-2011-AVI-130, CVE-2011-0345, DDIVRT-2010-30, VIGILANCE-VUL-10412, VU-101102-1.

Description of the vulnerability

The Alcatel OmniVista 4760 NMS (Network Management System) server has a web administration interface.

Several languages are available. The "lang" parameter indicates the directory in which translated messages are stored. However, this value is not restricted to a language name: an attacker can supply a language like "../..", in order to go up in the path and access a file located outside the web site root.

An attacker can therefore use a special HTTP GET query, in order to read the content of files located on the Alcatel OmniVista 4760 Network Management System computer.
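The following is an added example, not code from the bulletin or from the vendor: it contrasts the unchecked join of "lang" described above with a hardened lookup that allowlists the language token and verifies the resolved path stays under the message root. The directory layout, the file name `messages.txt`, and the language-token format are assumptions made for illustration.

```python
import os
import re
import tempfile

# Assumption: language names are short tokens such as "en" or "fr-FR".
LANG_RE = re.compile(r"^[A-Za-z]{2,3}(-[A-Za-z]{2})?$")


def naive_path(root, lang, name):
    """Pattern the bulletin describes: 'lang' is joined into the path unchecked."""
    return os.path.normpath(os.path.join(root, lang, name))


def safe_path(root, lang, name):
    """Return the resolved message file path, or None if the request is rejected."""
    if not LANG_RE.match(lang):
        return None  # rejects "../..", path separators, empty values
    if os.path.basename(name) != name or name in ("", ".", ".."):
        return None  # file name must be a single path component
    root_real = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root_real, lang, name))
    # Containment check after resolution also catches symlinks leaving the root.
    if os.path.commonpath([root_real, candidate]) != root_real:
        return None
    return candidate


def demo():
    """Map each constructed 'lang' value to (naive join escapes root, safe lookup accepts)."""
    with tempfile.TemporaryDirectory() as base:
        root = os.path.join(base, "webroot", "messages")  # hypothetical layout
        os.makedirs(os.path.join(root, "en"))
        results = {}
        for lang in ("en", "fr-FR", "../..", "en/../../.."):
            joined = naive_path(root, lang, "messages.txt")
            escaped = not joined.startswith(root + os.sep)
            accepted = safe_path(root, lang, "messages.txt") is not None
            results[lang] = (escaped, accepted)
        return results


if __name__ == "__main__":
    for lang, (escaped, accepted) in demo().items():
        print(f"lang={lang!r}: naive escapes root={escaped}, safe accepts={accepted}")
```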

Vulnerability announcement CVE-2010-3281

Alcatel OmniVista 4760: buffer overflow of proxy

Synthesis of the vulnerability

An attacker can send a long HTTP query to the proxy of Alcatel OmniVista 4760, in order to execute code.
Impacted products: OmniVista 4760 Network Management System.
Severity: 3/4.
Consequences: privileged access/rights.
Provenance: intranet client.
Creation date: 21/09/2010.
Identifiers: BID-43338, CERTA-2010-AVI-453, CVE-2010-3281, n.runs-SA-2010.002, VIGILANCE-VUL-9962.

Description of the vulnerability

The HTTP proxy of Alcatel OmniVista 4760 is used to tunnel connections to the PABX.

For example, an HTTP GET query has the form:
  GET path HTTP/version

When the HTTP proxy receives a long query, a buffer overflow occurs.

An attacker can therefore send a long HTTP query to the proxy of Alcatel OmniVista 4760, in order to execute code.