Vulnerability Details CVE-2007-3010
masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the user parameter during a ping action.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.941
EPSS Ranking 99.9%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
Proposed Action
masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server allows remote attackers to execute arbitrary commands.
Ransomware Campaign
Unknown
References
- http://marc.info/?l=full-disclosure&m=119002152126755&w=2
- http://osvdb.org/40521
- http://secunia.com/advisories/26853
- http://www.redteam-pentesting.de/advisories/rt-sa-2007-001.php
- http://www.securityfocus.com/archive/1/479699/100/0/threaded
- http://www.securityfocus.com/bid/25694
- http://www.vupen.com/english/advisories/2007/3185
- http://www1.alcatel-lucent.com/psirt/statements/2007002/OXEUMT.htm
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36632
- http://marc.info/?l=full-disclosure&m=119002152126755&w=2
- http://osvdb.org/40521
- http://secunia.com/advisories/26853
- http://www.redteam-pentesting.de/advisories/rt-sa-2007-001.php
- http://www.securityfocus.com/archive/1/479699/100/0/threaded
- http://www.securityfocus.com/bid/25694
- http://www.vupen.com/english/advisories/2007/3185
- http://www1.alcatel-lucent.com/psirt/statements/2007002/OXEUMT.htm
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36632
Products affected by CVE-2007-3010
-
cpe:2.3:a:al-enterprise:omnipcx_enterprise_communication_server:-
-
cpe:2.3:a:al-enterprise:omnipcx_enterprise_communication_server:6.0
-
cpe:2.3:a:al-enterprise:omnipcx_enterprise_communication_server:6.1
-
cpe:2.3:a:al-enterprise:omnipcx_enterprise_communication_server:6.2
-
cpe:2.3:a:al-enterprise:omnipcx_enterprise_communication_server:7.0
-
cpe:2.3:a:al-enterprise:omnipcx_enterprise_communication_server:7.1