Preface: The modern world favors single sign-on: SAML and application authentication integrated with Microsoft Active Directory. Everybody may know that such a setup carries risk, but in theory computers aim to make human life comfortable!
Background: The Alcatel-Lucent OmniVista® 8770 Network Management System (NMS) is an all-in-one graphical management application that offers a unified view of your ALE communication network.
Vulnerability details: No CVE reference number has been assigned to these vulnerabilities yet. However, the findings show that programming flaws caused these loopholes.
– 4760 suffers from an unauthenticated remote code execution as SYSTEM. No special configuration is required.
– 8770 and 4760 both suffer from a remote administrative password disclosure. No special configuration is required.
– 8770 suffers from an authenticated remote code execution vulnerability. When chained with the disclosure vulnerability, it becomes an unauthenticated RCE. In this case, access to port 389 and a directory license are required.
If you have any doubts about this matter, please contact the vendor for details.