The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Alcatel-Lucent OmniTouch Contact Center Standard

vulnerability alert CVE-2010-3279 CVE-2010-3280

Alcatel OmniTouch CC: administrative access via CCAgent

Synthesis of the vulnerability

An unauthenticated attacker can connect to Alcatel OmniTouch Contact Center in order to administer it.
Impacted products: OmniTouch CC Premium, OmniTouch Contact Center Standard.
Severity: 3/4.
Consequences: privileged access/rights, data reading.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 21/09/2010.
Identifiers: BID-43340, CERTA-2010-AVI-454, CVE-2010-3279, CVE-2010-3280, n.runs-SA-2010.001, VIGILANCE-VUL-9961.

Description of the vulnerability

The CCAgent (Contact Center Agent) module is installed on client computers. It connects to the CCA Server installed with Alcatel OmniTouch Contact Center.

The Tsa_Maintainance.exe program is used to administer the Contact Center via CCA Server. However, no authentication is required.

Moreover, the server sends the administrator password to the client.

An unauthenticated attacker can therefore connect to Alcatel OmniTouch Contact Center in order to administer it.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Alcatel-Lucent OmniTouch Contact Center Standard: