Omnipcx

omnipcx

CVEs (8)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2011-0344 1Alcatel Lucent 1Omnipcx Apr 29, 2026 Mar 8, 2011 N/A· v4 N/A· v3 5.8 MEDIUM· v2 Multiple stack-based buffer overflows in unspecified CGI programs in the Unified Maintenance Tool web interface in the embedded web server in the Communication Server (CS) in Alcatel-Lucent OmniPCX Enterprise before R9.0...Show more Multiple stack-based buffer overflows in unspecified CGI programs in the Unified Maintenance Tool web interface in the embedded web server in the Communication Server (CS) in Alcatel-Lucent OmniPCX Enterprise before R9.0 H1.301.50 allow remote attackers to execute arbitrary code via crafted HTTP headers.Show less
CVE-2007-5361 1Alcatel Lucent 1Omnipcx Apr 23, 2026 Nov 20, 2007 N/A· v4 N/A· v3 8.5 HIGH· v2 The Communication Server in Alcatel-Lucent OmniPCX Enterprise 7.1 and earlier caches an IP address during a TFTP request from an IP Touch phone, and uses this IP address as the destination for all subsequent VoIP packets...Show more The Communication Server in Alcatel-Lucent OmniPCX Enterprise 7.1 and earlier caches an IP address during a TFTP request from an IP Touch phone, and uses this IP address as the destination for all subsequent VoIP packets to this phone, which allows remote attackers to cause a denial of service (loss of audio) or intercept voice communications via a crafted TFTP request containing the phone's MAC address in the filename.Show less
CVE-2007-2512 1Alcatel Lucent 1Omnipcx Apr 23, 2026 Jun 7, 2007 N/A· v4 N/A· v3 7.5 HIGH· v2 Alcatel-Lucent IP-Touch Telephone running OmniPCX Enterprise 7.0 and later enables the mini switch by default, which allows attackers to gain access to the voice VLAN via daisy-chained systems.
CVE-2003-1108 1Alcatel Lucent 1Omnipcx Apr 16, 2026 Dec 31, 2003 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The Session Initiation Protocol (SIP) implementation in Alcatel OmniPCX Enterprise 5.0 Lx allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstra...Show more The Session Initiation Protocol (SIP) implementation in Alcatel OmniPCX Enterprise 5.0 Lx allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite.Show less
CVE-2002-1691 1Alcatel Lucent 1Omnipcx Apr 16, 2026 Dec 31, 2002 N/A· v4 N/A· v3 10.0 HIGH· v2 Alcatel OmniPCX 4400 installs known user accounts and passwords in the /etc/password file by default, which allows remote attackers to gain unauthorized access.
CVE-2002-0295 1Alcatel Lucent 1Omnipcx Apr 16, 2026 May 31, 2002 N/A· v4 N/A· v3 4.6 MEDIUM· v2 Alcatel OmniPCX 4400 installs files with world-writable permissions, which allows local users to reconfigure the system and possibly gain privileges.
CVE-2002-0294 1Alcatel Lucent 1Omnipcx Apr 16, 2026 May 31, 2002 N/A· v4 N/A· v3 2.1 LOW· v2 Alcatel 4400 installs the /chetc/shutdown command with setgid privileges, which allows many different local users to shut down the system.
CVE-2002-0293 1Alcatel Lucent 1Omnipcx Apr 16, 2026 May 31, 2002 N/A· v4 N/A· v3 6.2 MEDIUM· v2 FTP service in Alcatel OmniPCX 4400 allows the "halt" user to gain root privileges by modifying root's .profile file.