Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Alcatel-lucent Subscribe
Filtered by product Omnipcx
Total 9 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-3010 1 Alcatel-lucent 1 Omnipcx 2018-10-16 10.0 HIGH N/A
masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the user parameter during a ping action.
CVE-2007-2512 1 Alcatel-lucent 1 Omnipcx 2018-10-16 7.5 HIGH N/A
Alcatel-Lucent IP-Touch Telephone running OmniPCX Enterprise 7.0 and later enables the mini switch by default, which allows attackers to gain access to the voice VLAN via daisy-chained systems.
CVE-2007-5361 1 Alcatel-lucent 1 Omnipcx 2018-10-15 8.5 HIGH N/A
The Communication Server in Alcatel-Lucent OmniPCX Enterprise 7.1 and earlier caches an IP address during a TFTP request from an IP Touch phone, and uses this IP address as the destination for all subsequent VoIP packets to this phone, which allows remote attackers to cause a denial of service (loss of audio) or intercept voice communications via a crafted TFTP request containing the phone's MAC address in the filename.
CVE-2003-1108 1 Alcatel-lucent 1 Omnipcx 2017-10-10 5.0 MEDIUM N/A
The Session Initiation Protocol (SIP) implementation in Alcatel OmniPCX Enterprise 5.0 Lx allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite.
CVE-2011-0344 1 Alcatel-lucent 1 Omnipcx 2017-08-16 5.8 MEDIUM N/A
Multiple stack-based buffer overflows in unspecified CGI programs in the Unified Maintenance Tool web interface in the embedded web server in the Communication Server (CS) in Alcatel-Lucent OmniPCX Enterprise before R9.0 H1.301.50 allow remote attackers to execute arbitrary code via crafted HTTP headers.
CVE-2002-1691 1 Alcatel-lucent 1 Omnipcx 2017-07-10 10.0 HIGH N/A
Alcatel OmniPCX 4400 installs known user accounts and passwords in the /etc/password file by default, which allows remote attackers to gain unauthorized access.
CVE-2002-0293 1 Alcatel-lucent 1 Omnipcx 2017-07-10 6.2 MEDIUM N/A
FTP service in Alcatel OmniPCX 4400 allows the "halt" user to gain root privileges by modifying root's .profile file.
CVE-2002-0295 1 Alcatel-lucent 1 Omnipcx 2016-10-17 4.6 MEDIUM N/A
Alcatel OmniPCX 4400 installs files with world-writable permissions, which allows local users to reconfigure the system and possibly gain privileges.
CVE-2002-0294 1 Alcatel-lucent 1 Omnipcx 2016-10-17 2.1 LOW N/A
Alcatel 4400 installs the /chetc/shutdown command with setgid privileges, which allows many different local users to shut down the system.