CVE-2010-3280 - OpenCVE

The CCAgent option 9.0.8.4 and earlier in the management server (aka TSA) component in Alcatel-Lucent OmniTouch Contact Center Standard Edition relies on client-side authorization checking, and unconditionally sends the SuperUser password to the client for use during an authorized session, which allows remote attackers to monitor or reconfigure Contact Center operations via a modified client application.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Partial

Availability Impact Partial

AV:A/AC:M/Au:N/C:C/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Alcatel-lucent	Ccagent Omnitouch Contact Center

Configuration 1 [-]

AND

OR	cpe:2.3:a:alcatel-lucent:ccagent::::::::
	cpe:2.3:a:alcatel-lucent:ccagent:7.1:::::::*

cpe:2.3:a:alcatel-lucent:omnitouch_contact_center:-:-:std:*:*:*:*:*

No data.

References

Link	Providers
http://secunia.com/advisories/41547
http://www.alcatel-lucent.com/wps/DocumentStreamerServlet?LMSG_CABINET=Corporate&LMSG_CONTENT_FILE=Support/Security/2010001.pdf
http://www.nruns.com/_downloads/nruns-SA-2010-001.pdf
http://www.securityfocus.com/archive/1/513869
http://www.securityfocus.com/bid/43340
http://www.vupen.com/english/advisories/2010/2459
https://exchange.xforce.ibmcloud.com/vulnerabilities/61920

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2010-09-23T18:00:00

Updated: 2024-08-07T03:03:18.937Z

Reserved: 2010-09-13T00:00:00

Link: CVE-2010-3280

Vulnrichment

No data.

NVD

Status : Modified

Published: 2010-09-23T19:00:14.373

Modified: 2017-08-17T01:32:56.977

Link: CVE-2010-3280

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-09-20T00:00:00", "descriptions": [{"lang": "en", "value": "The CCAgent option 9.0.8.4 and earlier in the management server (aka TSA) component in Alcatel-Lucent OmniTouch Contact Center Standard Edition relies on client-side authorization checking, and unconditionally sends the SuperUser password to the client for use during an authorized session, which allows remote attackers to monitor or reconfigure Contact Center operations via a modified client application."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20100920 n.runs-SA-2010.001 - Alcatel-Lucent - unauthenticated administrative access to CTI CCA Server", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/513869"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.alcatel-lucent.com/wps/DocumentStreamerServlet?LMSG_CABINET=Corporate&LMSG_CONTENT_FILE=Support/Security/2010001.pdf"}, {"name": "41547", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/41547"}, {"name": "omnitouch-callcenter-info-disclosure(61920)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61920"}, {"name": "ADV-2010-2459", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/2459"}, {"tags": ["x_refsource_MISC"], "url": "http://www.nruns.com/_downloads/nruns-SA-2010-001.pdf"}, {"name": "43340", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/43340"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-3280", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The CCAgent option 9.0.8.4 and earlier in the management server (aka TSA) component in Alcatel-Lucent OmniTouch Contact Center Standard Edition relies on client-side authorization checking, and unconditionally sends the SuperUser password to the client for use during an authorized session, which allows remote attackers to monitor or reconfigure Contact Center operations via a modified client application."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20100920 n.runs-SA-2010.001 - Alcatel-Lucent - unauthenticated administrative access to CTI CCA Server", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/513869"}, {"name": "http://www.alcatel-lucent.com/wps/DocumentStreamerServlet?LMSG_CABINET=Corporate&LMSG_CONTENT_FILE=Support/Security/2010001.pdf", "refsource": "CONFIRM", "url": "http://www.alcatel-lucent.com/wps/DocumentStreamerServlet?LMSG_CABINET=Corporate&LMSG_CONTENT_FILE=Support/Security/2010001.pdf"}, {"name": "41547", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/41547"}, {"name": "omnitouch-callcenter-info-disclosure(61920)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61920"}, {"name": "ADV-2010-2459", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/2459"}, {"name": "http://www.nruns.com/_downloads/nruns-SA-2010-001.pdf", "refsource": "MISC", "url": "http://www.nruns.com/_downloads/nruns-SA-2010-001.pdf"}, {"name": "43340", "refsource": "BID", "url": "http://www.securityfocus.com/bid/43340"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T03:03:18.937Z"}, "title": "CVE Program Container", "references": [{"name": "20100920 n.runs-SA-2010.001 - Alcatel-Lucent - unauthenticated administrative access to CTI CCA Server", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/513869"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.alcatel-lucent.com/wps/DocumentStreamerServlet?LMSG_CABINET=Corporate&LMSG_CONTENT_FILE=Support/Security/2010001.pdf"}, {"name": "41547", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/41547"}, {"name": "omnitouch-callcenter-info-disclosure(61920)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61920"}, {"name": "ADV-2010-2459", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/2459"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.nruns.com/_downloads/nruns-SA-2010-001.pdf"}, {"name": "43340", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/43340"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-3280", "datePublished": "2010-09-23T18:00:00", "dateReserved": "2010-09-13T00:00:00", "dateUpdated": "2024-08-07T03:03:18.937Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:alcatel-lucent:ccagent:*:*:*:*:*:*:*:*", "matchCriteriaId": "F4A15941-19F4-4386-826C-8284E5062CDC", "versionEndIncluding": "8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:alcatel-lucent:ccagent:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "6B917490-946B-4785-80D8-7FFEDCCCAFE0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:alcatel-lucent:omnitouch_contact_center:-:-:std:*:*:*:*:*", "matchCriteriaId": "E9BA7BC8-0C93-4F5B-9F6B-DE0E68FF107C", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The CCAgent option 9.0.8.4 and earlier in the management server (aka TSA) component in Alcatel-Lucent OmniTouch Contact Center Standard Edition relies on client-side authorization checking, and unconditionally sends the SuperUser password to the client for use during an authorized session, which allows remote attackers to monitor or reconfigure Contact Center operations via a modified client application."}, {"lang": "es", "value": "La opci\u00f3n CCAgent v9.0.8.4 y anteriores en el servidor de gesti\u00f3n (tambi\u00e9n conocido como TSA) en Alcatel-Lucent OmniTouch Contact Center Standard Edition, cuenta con una validaci\u00f3n del lado del cliente y de modo no condicional env\u00eda la contrase\u00f1a de root al cliente para usarlo en una sesi\u00f3n autorizada, lo que permite a atacantes remotos monitorizar o reconfigurar las operaciones \"Contact Center\" a trav\u00e9s de una aplicaci\u00f3n cliente modificada."}], "id": "CVE-2010-3280", "lastModified": "2017-08-17T01:32:56.977", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "vectorString": "AV:A/AC:M/Au:N/C:C/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 5.5, "impactScore": 8.5, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-09-23T19:00:14.373", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/41547"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.alcatel-lucent.com/wps/DocumentStreamerServlet?LMSG_CABINET=Corporate&LMSG_CONTENT_FILE=Support/Security/2010001.pdf"}, {"source": "cve@mitre.org", "url": "http://www.nruns.com/_downloads/nruns-SA-2010-001.pdf"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/513869"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/43340"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2010/2459"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61920"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}