Back to search
CVE-2019-20049
Published: Dec 27, 2019
Modified: Aug 5, 2024
PUBLISHED
Description
An issue was discovered on Alcatel-Lucent OmniVista 4760 devices. A remote unauthenticated attacker can chain a directory traversal (which helps to bypass authentication) with an insecure file upload to achieve Remote Code Execution as SYSTEM. The directory traversal is in the __construct() whereas the insecure file upload is in SetSkinImages().
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://git.lsd.cat/g/omnivista-rce
x_refsource_MISC
https://www.exploit-db.com/exploits/47761
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now