PT-2019-16063 · Alcatel Lucent · Alcatel-Lucent Omnivista 8770

0X1911

Published

2019-12-27

Updated

2020-01-07

CVE-2019-20048

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Alcatel-Lucent OmniVista 8770 versions prior to 4.1.2

Description An issue allows an authenticated remote attacker with elevated privileges in the Web Directory component on port 389 to upload a PHP file, achieving Remote Code Execution as SYSTEM.

Recommendations For versions prior to 4.1.2, update to version 4.1.2 or later to resolve the issue.

Exploit

Fix

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2019-20048

Affected Products

Alcatel-Lucent Omnivista 8770

PT-2019-16063 · Alcatel Lucent · Alcatel-Lucent Omnivista 8770

CVE-2019-20048

Weakness Enumeration

Related Identifiers

Affected Products

References · 6