PT-2016-7824 · Alcatel Lucent · Alcatel-Lucent Omnivista

Malerisch · Published 2016-12-03 · Updated 2017-09-03 · CVE-2016-9796

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Alcatel-Lucent OmniVista versions 2.0 through 3.0

Description: The issue allows an attacker to bypass authentication and invoke certain methods, including AddJobSet, AddJob, and ExecuteNow, which can be used to run arbitrary commands on the server with the privileges of NT AUTHORITY\SYSTEM. This can be achieved by querying different ORB interfaces using the GIOP protocol on TCP port 30024.

Recommendations: For Alcatel-Lucent OmniVista versions 2.0 through 3.0, apply proper firewall rules to prevent unauthorized clients from connecting to the OmniVista server, as per the product security deployment technical guidelines.

Exploit

Fix

Weakness Enumeration: Improper Authentication

Related Identifiers: CVE-2016-9796

Affected Products: Alcatel-Lucent Omnivista