Manuals+

Alcatel-Lucent Security Advisory SA-C0065

OmniVista 8770 Remote Code Execution

Summary

A public vulnerability has been disclosed affecting Alcatel-Lucent OmniVista 4760 and OmniVista 8770. This issue impacts the Web Directory Consultation client, presenting a potential for remote code execution with high privileges.

References

  • Date: December 09th, 2019
  • Risk: High
  • Impact: Remote access / Disrupt service (denial of service)
  • Attack expertise: Skilled
  • Attack requirements: Remote (no account) on the same network plane as the product
  • External resources:

Description of the vulnerability

The vulnerability arises from potential remote access to certain session files utilized by the Web Directory Consultation client. A comprehensive description of this discovery is publicly available at: https://git.lsd.cat/g/omnivista-rce/src/master/README.md

Status on Alcatel-Lucent Enterprise products

The OmniVista 4760 product is now deprecated. For OmniVista 8770, it is recommended to upgrade to the latest version to address this vulnerability.

Affected and Resolved Versions

Affected Releases: OmniVista 8770 before version 4.1.12

Not Affected Releases: OmniVista 8770 version 4.2

Resolution:

  • OmniVista 8770 fixed in version 4.1.12 (January week 5 of 2020)
  • OmniVista 8770 fixed in version 4.2 (April 2020 release)

History

Ed.01: Advisory creation on December 1st, 2019.

PDF preview unavailable. Download the PDF instead.

sa-c0065-ov8770-rce-vulnerability-en Microsoft Word 2016

Related Documents

Preview Alcatel-Lucent OmniVista 8770 Network Management System Datasheet
Datasheet for the Alcatel-Lucent OmniVista 8770 Network Management System (NMS), detailing its features, benefits, technical specifications, and system requirements for managing ALE communication networks.
Preview Alcatel Lucent ALE-30h IP Phone Specifications
Technical specifications and product overview for the Alcatel Lucent ALE-30h IP phone, including brand and part number 3ML37030AA.
Preview Alcatel-Lucent AOS-W Instant 6.4.3.1-4.2.0.0 User Guide: Setup and Configuration
This user guide provides comprehensive instructions for setting up, configuring, and managing Alcatel-Lucent's AOS-W Instant wireless networking solution, covering access point deployment, network profiles, security, and monitoring.
Preview Alcatel-Lucent 8168s/8158s WLAN Handset 用户手册
了解 Alcatel-Lucent 8168s 和 8158s WLAN Handset 的功能、设置和操作指南,支持 OmniPCX Enterprise、OXO Connect 和 SIP 系统。
Preview Alcatel-Lucent OmniPCX Enterprise Communication Server Datasheet
Explore the Alcatel-Lucent OmniPCX Enterprise Communication Server, a robust phone system designed for medium, large, and very large enterprises. Discover its features for enhanced business responsiveness, employee mobility, and seamless collaboration with Alcatel-Lucent Rainbow.
Preview Alcatel Lucent Teletaş Telekomünikasyon A.Ş. Altı Aylık Faaliyet Raporu Uygunluğu Sınırlı Denetim Raporu
Alcatel Lucent Teletaş Telekomünikasyon A.Ş.'nin 30 Haziran 2025 tarihli altı aylık faaliyet raporunun ara dönem finansal tablolarıyla tutarlılığına ilişkin DRT Bağımsız Denetim tarafından hazırlanan sınırlı denetim raporu. Finansal bilgilerin uyumluluğu ve denetim bulguları hakkında bilgi içerir.
Preview Alcatel-Lucent OmniAccess Stellar AP1570 Series: Wi-Fi 7 Outdoor Access Points
Explore the Alcatel-Lucent OmniAccess Stellar AP1570 series, featuring high-performance Wi-Fi 7 for outdoor and rugged environments. Discover advanced features, enterprise-grade security, and robust connectivity for modern IoT deployments.
Preview FCC Equipment Authorization Correspondence for Alcatel-Lucent AS5BBTRX-05
Official correspondence from the FCC Equipment Authorization Branch regarding the FCC ID AS5BBTRX-05 for Alcatel-Lucent USA Inc., discussing power rating compliance and TCB processing procedures.