CVE-2019-20049

2019-12-27T19:15:00
ID CVE-2019-20049
Type cve
Reporter cve@mitre.org
Modified 2020-01-07T20:39:00

Description

An issue was discovered on Alcatel-Lucent OmniVista 4760 devices. A remote unauthenticated attacker can chain a directory traversal (which helps to bypass authentication) with an insecure file upload to achieve Remote Code Execution as SYSTEM. The directory traversal is in the __construct() whereas the insecure file upload is in SetSkinImages().