Lucene search

Kaspersky LabKLA10056

HistoryMar 08, 2011 - 12:00 a.m.

KLA10056 RLF vulnerability in Alcatel-Lucent OmniVista 4760

2011-03-0800:00:00

Kaspersky Lab

threats.kaspersky.com

CVSS2

3.3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:A/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.3

Confidence

Low

EPSS

0.007

Percentile

79.7%

JSON

A directory traversal vulnerability was found in OmniVista. By exploiting this vulnerability malicious users can read local files. This vulnerability can be exploited from the network at a point related to NMS server via specially designed GET request.

Original advisories

Alcatel bulletin

Related products

Alcatel-OmniVista

CVE list

CVE-2011-0345 warning

Solution

Update to latest version

Impacts

Read Local Files. Exploitation of vulnerabilities with this impact can lead to reading some inaccessible files. Files that can be read depends on conсrete program errors.

Affected Products

Alcatel-Lucent OmniVista 4760 all versions

References

www3.alcatel-lucent.com/wps/DocumentStreamerServlet?LMSG_CABINET=Corporate&LMSG_CONTENT_FILE=Support/Security/2011002.pdf

statistics.securelist.com/

threats.kaspersky.com/en/product/Alcatel-OmniVista/

CVSS2

3.3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:A/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.3

Confidence

Low

EPSS

0.007

Percentile

79.7%

JSON

Related for KLA10056