CVE-2007-2512 - Alcatel-Lucent IP-Touch Telephone running OmniPCX Enterprise 7.0 and later enables the mini switch b

CVE-2007-2512

Summary

Alcatel-Lucent IP-Touch Telephone running OmniPCX Enterprise 7.0 and later enables the mini switch by default, which allows attackers to gain access to the voice VLAN via daisy-chained systems.

References

Vulnerable Configurations

cpe:2.3:h:alcatel-lucent:omnipcx:*:*:enterprise:*:*:*:*:*
cpe:2.3:h:alcatel-lucent:omnipcx:*:*:enterprise:*:*:*:*:*
cpe:2.3:a:alcatel-lucent:omnipcx:7.0:*:enterprise:*:*:*:*:*
cpe:2.3:a:alcatel-lucent:omnipcx:7.0:*:enterprise:*:*:*:*:*

CVSS

Base:	7.5 (as of 16-10-2018 - 16:44)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	24360
bugtraq	20070607 RUS-CERT 2007-06:01 (1380): Insecure Defaults in A-L OmniPCX 7.0
misc	http://cert.uni-stuttgart.de/advisories/al-ip-touch-vlan-filtering.php
osvdb	38526
xf	alcatellucent-voip-unauthorized-access(34760)

Last major update

16-10-2018 - 16:44

Published

07-06-2007 - 21:30

Last modified

16-10-2018 - 16:44