CVE-2019-20048
Severity: HIGH
WAF: Medium
CVSS 7.2
Published: 2019-12-27
CWE-434
An issue was discovered on Alcatel-Lucent OmniVista 8770 devices before 4.1.2. An authenticated remote attacker, with elevated privileges in the Web Directory component on port 389, may upload a PHP file to achieve Remote Code Execution as SYSTEM.
WAF Coverage Analysis
Unrestricted File Upload
Medium WAF Coverage
OWASP: A04:2021 Insecure Design
930xxx - Local File Inclusion
Affected Software
| Vendor | Product | Version |
|---|---|---|
| al-enterprise | omnivista_8770 | up to 4.1.12 |
References
- git.lsd.cat (Exploit, Third Party Advisory)
- packetstormsecurity.com (Exploit, Third Party Advisory, VDB Entry)
- www.al-enterprise.com (Vendor Advisory)
- www.exploit-db.com (Patch, Third Party Advisory, VDB Entry)