Security Advisory

CVE-2019-20049

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2019-12-27 18:18:22

Last updated 2024-08-05 02:32:10

Assigner mitre

State PUBLISHED

Description

An issue was discovered on Alcatel-Lucent OmniVista 4760 devices. A remote unauthenticated attacker can chain a directory traversal (which helps to bypass authentication) with an insecure file upload to achieve Remote Code Execution as SYSTEM. The directory traversal is in the __construct() whereas the insecure file upload is in SetSkinImages().

← Browse all CVEs View on cve.org ↗