Lucent VitalSuite 8.0 through 8.2, including VitalNet, VitalEvent, and VitalHelp/VitalAnalysis, allows remote attackers to bypass authentication via a direct HTTP request to the VsSetCookie.exe program, which returns a valid cookie for the desired user.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Vitalanalysis | Lucent | 8.0 (including) | 8.0 (including) |
| Vitalanalysis | Lucent | 8.1 (including) | 8.1 (including) |
| Vitalanalysis | Lucent | 8.2 (including) | 8.2 (including) |
| Vitalevent | Lucent | 8.0 (including) | 8.0 (including) |
| Vitalevent | Lucent | 8.1 (including) | 8.1 (including) |
| Vitalevent | Lucent | 8.2 (including) | 8.2 (including) |
| Vitalhelp | Lucent | 8.0 (including) | 8.0 (including) |
| Vitalhelp | Lucent | 8.1 (including) | 8.1 (including) |
| Vitalhelp | Lucent | 8.2 (including) | 8.2 (including) |
| Vitalnet | Lucent | 8.0 (including) | 8.0 (including) |
| Vitalnet | Lucent | 8.1 (including) | 8.1 (including) |
| Vitalnet | Lucent | 8.2 (including) | 8.2 (including) |
| Vitalsuite | Lucent | 8.0 (including) | 8.0 (including) |
| Vitalsuite | Lucent | 8.1 (including) | 8.1 (including) |
| Vitalsuite | Lucent | 8.2 (including) | 8.2 (including) |