Vulnerabilities > Alcatel Lucent > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2010-09-23 | CVE-2010-3279 | Configuration vulnerability in Alcatel-Lucent Ccagent and Omnitouch Contact Center The default configuration of the CCAgent option before 9.0.8.4 in the management server (aka TSA) component in Alcatel-Lucent OmniTouch Contact Center Standard Edition enables maintenance access, which allows remote attackers to monitor or reconfigure Contact Center operations via vectors involving TSA_maintenance.exe. | 7.6 |
2007-11-20 | CVE-2007-5361 | Information Disclosure And Denial Of Service vulnerability in OmniPCX Enterprise Audio Rerouting The Communication Server in Alcatel-Lucent OmniPCX Enterprise 7.1 and earlier caches an IP address during a TFTP request from an IP Touch phone, and uses this IP address as the destination for all subsequent VoIP packets to this phone, which allows remote attackers to cause a denial of service (loss of audio) or intercept voice communications via a crafted TFTP request containing the phone's MAC address in the filename. | 8.5 |
2007-06-07 | CVE-2007-2512 | Unspecified vulnerability in Alcatel-Lucent Omnipcx 7.0 Alcatel-Lucent IP-Touch Telephone running OmniPCX Enterprise 7.0 and later enables the mini switch by default, which allows attackers to gain access to the voice VLAN via daisy-chained systems. | 7.5 |
2007-02-14 | CVE-2007-0932 | Permissions, Privileges, and Access Controls vulnerability in multiple products The (1) Aruba Mobility Controllers 200, 600, 2400, and 6000 and (2) Alcatel-Lucent OmniAccess Wireless 43xx and 6000 do not properly implement authentication and privilege assignment for the guest account, which allows remote attackers to access administrative interfaces or the WLAN. | 7.5 |
2007-02-14 | CVE-2007-0931 | Multiple vulnerability in Aruba Mobility Controller Heap-based buffer overflow in the management interfaces in (1) Aruba Mobility Controllers 200, 800, 2400, and 6000 and (2) Alcatel-Lucent OmniAccess Wireless 43xx and 6000 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via long credential strings. | 7.5 |