10

CVE-2016-9796

Exploit

EPSS 23.67%
Veröffentlicht 03.12.2016 06:59:00
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Alcatel-Lucent OmniVista 8770 2.0 through 3.0 exposes different ORBs interfaces, which can be queried using the GIOP protocol on TCP port 30024. An attacker can bypass authentication, and OmniVista invokes methods (AddJobSet, AddJob, and ExecuteNow) that can be used to run arbitrary commands on the server, with the privilege of NT AUTHORITY\SYSTEM on the server. NOTE: The discoverer states "The vendor position is to refer to the technical guidelines of the product security deployment to mitigate this issue, which means applying proper firewall rules to prevent unauthorised clients to connect to the OmniVista server."

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Alcatel-lucent ≫ Omnivista 8770 Network Management System Version2.0

Alcatel-lucent ≫ Omnivista 8770 Network Management System Version2.6

Alcatel-lucent ≫ Omnivista 8770 Network Management System Version3.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	23.67%	0.955

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://blog.malerisch.net/2016/12/alcatel-omnivista-8770-unauth-rce-giop-corba.html

Third Party Advisory

Exploit

http://www.securityfocus.com/bid/94649

https://github.com/malerisch/omnivista-8770-unauth-rce

Third Party Advisory

https://www.exploit-db.com/exploits/40862/

https://www.youtube.com/watch?v=aq37lQKa9sk

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2016-9796

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-9796

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-9796

EUVD