Computer Security


Alcatel CCAgent unauthorized access
Published: 20.09.2010
Source:
SecurityVulns ID: 11159
Type: remote
Threat Level: 5/10
Description: Server does not provide any authentication; the password is stored on the client side in reversible encryption.
Affected: ALCATEL : CCAgent 0.9
CVE: CVE-2010-3280 (The CCAgent option 9.0.8.4 and earlier in the management server (aka TSA) component in Alcatel-Lucent OmniTouch Contact Center Standard Edition relies on client-side authorization checking, and unconditionally sends the SuperUser password to the client for use during an authorized session, which allows remote attackers to monitor or reconfigure Contact Center operations via a modified client application.)
CVE-2010-3279 (The default configuration of the CCAgent option before 9.0.8.4 in the management server (aka TSA) component in Alcatel-Lucent OmniTouch Contact Center Standard Edition enables maintenance access, which allows remote attackers to monitor or reconfigure Contact Center operations via vectors involving TSA_maintenance.exe.)
Original document: security_(at)_nruns.com, n.runs-SA-2010.001 - Alcatel-Lucent - unauthenticated administrative access to CTI CCA Server (20.09.2010)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod