製品・ソフトウェアに関する情報

JVN脆弱性詳細

Alcatel-Lucent OmniVista 8770 における任意のコマンドを実行される脆弱性

Title	Alcatel-Lucent OmniVista 8770 における任意のコマンドを実行される脆弱性
Summary	Alcatel-Lucent OmniVista 8770 は、複数の異なる ORB インターフェースを露出し、認証を回避されるため、任意のコマンドを実行される脆弱性が存在します。
Possible impacts	攻撃者により、TCP ポート 30024 上の GIOP プロトコルを使用したクエリを介して、メソッド (AddJobSet、AddJob、および ExecuteNow) を呼び出されることで、任意のコマンドを実行される可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	Dec. 1, 2016, midnight
Registration Date	Dec. 7, 2016, 5:35 p.m.
Last Update	Dec. 7, 2016, 5:35 p.m.

Affected System

Alcatel-Lucent

OmniVista 8770 Network Management System 2.0 から 3.0

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2016-9796	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9796
National Vulnerability Database (NVD)
2	CVE-2016-9796	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9796

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-264	https://jvndb.jvn.jp/ja/cwe/CWE-264.html
2	CWE-287	https://jvndb.jvn.jp/ja/cwe/CWE-287.html

ベンダー情報

No	Name	URL
Alcatel-Lucent Enterprise
1	OmniVista 8770 Network Management System	http://enterprise.alcatel-lucent.com/?product=Omnivista8770NetworkManagementsystem&page=overview

その他

No	Name	URL
関連文書
1	Alcatel Lucent Omnivista or: How I learned GIOP and gained Unauthenticated Remote Code Execution (CVE-2016-9796)	http://blog.malerisch.net/2016/12/alcatel-omnivista-8770-unauth-rce-giop-corba.html

Change Log

No	Changed Details	Date of change
0	[2016年12月07日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2016-9796

Summary	Alcatel-Lucent OmniVista 8770 2.0 through 3.0 exposes different ORBs interfaces, which can be queried using the GIOP protocol on TCP port 30024. An attacker can bypass authentication, and OmniVista invokes methods (AddJobSet, AddJob, and ExecuteNow) that can be used to run arbitrary commands on the server, with the privilege of NT AUTHORITY\SYSTEM on the server. NOTE: The discoverer states "The vendor position is to refer to the technical guidelines of the product security deployment to mitigate this issue, which means applying proper firewall rules to prevent unauthorised clients to connect to the OmniVista server."
Publication Date	Dec. 3, 2016, 3:59 p.m.
Registration Date	Jan. 26, 2021, 2:20 p.m.
Last Update	Nov. 21, 2024, 12:01 p.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:alcatel-lucent:omnivista_8770_network_management_system:2.0:::::::*
cpe:2.3:a:alcatel-lucent:omnivista_8770_network_management_system:2.6:::::::*
cpe:2.3:a:alcatel-lucent:omnivista_8770_network_management_system:3.0:::::::*

Related information, measures and tools

No	URL	タグ
1	http://blog.malerisch.net/2016/12/alcatel-omnivista-8770-unauth-rce-giop-corba.html	Exploit Third Party Advisory
2	http://blog.malerisch.net/2016/12/alcatel-omnivista-8770-unauth-rce-giop-corba.html	Exploit Third Party Advisory
3	http://www.securityfocus.com/bid/94649
4	http://www.securityfocus.com/bid/94649
5	https://github.com/malerisch/omnivista-8770-unauth-rce	Third Party Advisory
6	https://github.com/malerisch/omnivista-8770-unauth-rce	Third Party Advisory
7	https://www.exploit-db.com/exploits/40862/
8	https://www.exploit-db.com/exploits/40862/
9	https://www.youtube.com/watch?v=aq37lQKa9sk	Exploit
10	https://www.youtube.com/watch?v=aq37lQKa9sk	Exploit

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-264	認可・権限・アクセス制御	https://cwe.mitre.org/data/definitions/264.html
2	CWE-287	不適切な認証	https://cwe.mitre.org/data/definitions/287.html