Alcatel OmniVista remote command execution
Added: 12/31/2019
Background
Alcatel OmniVista is a graphical interface to Alcatel OmniPCX, a common VoIP solution.
Problem
Directory traversal and insecure upload vulnerabilities allow a remote attacker to upload and execute arbitrary PHP code.
Resolution
Upgrade to OmniVista 8770 version 4.1.12 or 4.2 or higher.
References
https://www.al-enterprise.com/en/-/media/assets/internet/documents/sa-c0065-ov8770-rce-vulnerability-en.pdf
https://git.lsd.cat/g/omnivista-rce
Limitations
Exploit works on OmniVista 4760.
Platforms
Alcatel