wtorek, 5 maja 2020

Alcatel-Lucent Security Advisory: CVE-2020-1179 (RCE)


OTMS remote code execution


I have discovered a vulnerability in OpenTouch Multimedia Services, making it possible for an attacker with administration rights to execute code on the server via web requests with high privileges.



Description of the vulnerability

Cgi script vmconstruct.cgi is vulnerable to shell command injection attacks through HTTP POST request. An attacker with an OT administrator cookie can inject arbitrary OS command using semicolon (;) character in the web request.

Impacts

OS command injection vulnerabilities can lead to elevate shell access on OT server for the attacker.


Reference: CVE-2020-11794
Date: April 15th, 2020
Risk: High
Impact: Get access
Attack expertise: Skilled, Administrative user
Attack requirements: Remote
CVSS score: 8.0 (HIGH)