Alcatel-Lucent: Security Vulnerabilities
The (1) Aruba Mobility Controllers 200, 600, 2400, and 6000 and (2) Alcatel-Lucent OmniAccess Wireless 43xx and 6000 do not properly implement authentication and privilege assignment for the guest account, which allows remote attackers to access administrative interfaces or the WLAN.
CVSS Score
7.5
EPSS Score
0.044
Published
2007-02-14
The Session Initiation Protocol (SIP) implementation in Alcatel OmniPCX Enterprise 5.0 Lx allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite.
CVSS Score
5.0
EPSS Score
0.132
Published
2003-12-31
Alcatel OmniPCX 4400 installs known user accounts and passwords in the /etc/password file by default, which allows remote attackers to gain unauthorized access.
CVSS Score
10.0
EPSS Score
0.009
Published
2002-12-31
FTP service in Alcatel OmniPCX 4400 allows the "halt" user to gain root privileges by modifying root's .profile file.
CVSS Score
6.2
EPSS Score
0.001
Published
2002-05-31
Alcatel 4400 installs the /chetc/shutdown command with setgid privileges, which allows many different local users to shut down the system.
CVSS Score
2.1
EPSS Score
0.001
Published
2002-05-31
Alcatel OmniPCX 4400 installs files with world-writable permissions, which allows local users to reconfigure the system and possibly gain privileges.
CVSS Score
4.6
EPSS Score
0.001
Published
2002-05-31
Page 3