This page lists publicly disclosed CVE vulnerabilities affecting alcatel-lucent omnipcx (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2011-0344 | Multiple stack-based buffer overflows in unspecified CGI programs in the Unified Maintenance Tool web interface in the embedded web server in the Communication Server (CS) in Alcatel-Lucent OmniPCX Enterprise before R9.0 H1.301.50 allow remote attackers to execute arbitrary code via crafted HTTP headers. | [email protected] | 5.8 | 0.83% | 2011-03-08 | 2026-04-29 |
| CVE-2007-5361 | The Communication Server in Alcatel-Lucent OmniPCX Enterprise 7.1 and earlier caches an IP address during a TFTP request from an IP Touch phone, and uses this IP address as the destination for all subsequent VoIP packets to this phone, which allows remote attackers to cause a denial of service (loss of audio) or intercept voice communications via a crafted TFTP request containing the phone's MAC address in the filename. | [email protected] | 8.5 | 2.61% | 2007-11-20 | 2026-04-23 |
| CVE-2007-2512 | Alcatel-Lucent IP-Touch Telephone running OmniPCX Enterprise 7.0 and later enables the mini switch by default, which allows attackers to gain access to the voice VLAN via daisy-chained systems. | [email protected] | 7.5 | 0.60% | 2007-06-07 | 2026-04-23 |
| CVE-2003-1108 | The Session Initiation Protocol (SIP) implementation in Alcatel OmniPCX Enterprise 5.0 Lx allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite. | [email protected] | 5.0 | 13.16% | 2003-12-31 | 2026-04-16 |
| CVE-2002-1691 | Alcatel OmniPCX 4400 installs known user accounts and passwords in the /etc/password file by default, which allows remote attackers to gain unauthorized access. | [email protected] | 10.0 | 0.93% | 2002-12-31 | 2026-04-16 |
| CVE-2002-0295 | Alcatel OmniPCX 4400 installs files with world-writable permissions, which allows local users to reconfigure the system and possibly gain privileges. | [email protected] | 4.6 | 0.06% | 2002-05-31 | 2026-04-16 |
| CVE-2002-0294 | Alcatel 4400 installs the /chetc/shutdown command with setgid privileges, which allows many different local users to shut down the system. | [email protected] | 2.1 | 0.07% | 2002-05-31 | 2026-04-16 |
| CVE-2002-0293 | FTP service in Alcatel OmniPCX 4400 allows the "halt" user to gain root privileges by modifying root's .profile file. | [email protected] | 6.2 | 0.07% | 2002-05-31 | 2026-04-16 |