CVE-2007-3010
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the user parameter during a ping action.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://www.vupen.com/english/advisories/2007/3185
- http://www.redteam-pentesting.de/advisories/rt-sa-2007-001.php
- http://www1.alcatel-lucent.com/psirt/statements/2007002/OXEUMT.htm
- http://secunia.com/advisories/26853
- http://marc.info/?l=full-disclosure&m=119002152126755&w=2
- http://osvdb.org/40521
- http://www.securityfocus.com/archive/1/479699/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36632
- http://www.securityfocus.com/bid/25694
CISA ADP Vulnrichment
- SSVC:
- Exploitation: active
- Automatable: yes
- Technical Impact: total
Additional References
References
- http://www.vupen.com/english/advisories/2007/3185
- http://www.redteam-pentesting.de/advisories/rt-sa-2007-001.php
- http://www1.alcatel-lucent.com/psirt/statements/2007002/OXEUMT.htm
- http://secunia.com/advisories/26853
- http://marc.info/?l=full-disclosure&m=119002152126755&w=2
- http://osvdb.org/40521
- http://www.securityfocus.com/archive/1/479699/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36632
- http://www.securityfocus.com/bid/25694
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.