Lucene search

Kaspersky LabKLA10055

HistorySep 23, 2010 - 12:00 a.m.

KLA10055 ACE & DoS vulnerability in OmniVista 4760

2010-09-2300:00:00

Kaspersky Lab

threats.kaspersky.com

5.4 Medium

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:M/Au:N/C:P/I:P/A:P

8.1 High

AI Score

Confidence

High

0.07 Low

EPSS

Percentile

94.0%

JSON

A buffer overflow vulnerability was found in OmniVista. By exploiting this vulnerability malicious users can cause denial of service or execute arbitrary code. This vulnerability can be exploited from the network via a specially designed request.

Original advisories

Alcatel bulletin

Related products

Alcatel-OmniVista

CVE list

CVE-2010-3281 high

Solution

Update to latest version

Impacts

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

Affected Products

Alcatel-lucent OmniVista 4760 server versions R5.1.06.03.c_Patch2 and earlier

References

www3.alcatel-lucent.com/wps/DocumentStreamerServlet?LMSG_CABINET=Corporate&LMSG_CONTENT_FILE=Support/Security/2010002.pdf

statistics.securelist.com/

threats.kaspersky.com/en/product/Alcatel-OmniVista/

5.4 Medium

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:M/Au:N/C:P/I:P/A:P

8.1 High

AI Score

Confidence

High

0.07 Low

EPSS

Percentile

94.0%

JSON

Related for KLA10055