CVE Vulnerability

CVE-2007-3010

masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the user parameter during a ping action.

10 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 10

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Scope

References
Link Resource
http://marc.info/?l=full-disclosure&m=119002152126755&w=2 Exploit
http://www.redteam-pentesting.de/advisories/rt-sa-2007-001.php
http://www1.alcatel-lucent.com/psirt/statements/2007002/OXEUMT.htm
http://secunia.com/advisories/26853 Vendor Advisory
http://www.securityfocus.com/bid/25694
http://osvdb.org/40521
http://www.vupen.com/english/advisories/2007/3185
https://exchange.xforce.ibmcloud.com/vulnerabilities/36632
http://www.securityfocus.com/archive/1/479699/100/0/threaded
Configurations

Configuration 1

cpe:2.3:a:alcatel-lucent:omnipcx:7.1:*:enterprise:*:*:*:*:*
Information

Published : 2007-09-18 09:17

Updated : 2018-10-16 04:46

NVD link : CVE-2007-3010

Mitre link : CVE-2007-3010

Products Affected
No products.
CWE
CWE-20