CVE-2007-3010

masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the user parameter during a ping action.
Configurations

Configuration 1 (hide)

cpe:2.3:a:al-enterprise:omnipcx_enterprise_communication_server:*:*:*:*:*:*:*:*

History

21 Nov 2024, 00:32

Type Values Removed Values Added
References () http://marc.info/?l=full-disclosure&m=119002152126755&w=2 - Exploit, Mailing List () http://marc.info/?l=full-disclosure&m=119002152126755&w=2 - Exploit, Mailing List
References () http://osvdb.org/40521 - Broken Link () http://osvdb.org/40521 - Broken Link
References () http://secunia.com/advisories/26853 - Broken Link, Vendor Advisory () http://secunia.com/advisories/26853 - Broken Link, Vendor Advisory
References () http://www.redteam-pentesting.de/advisories/rt-sa-2007-001.php - Broken Link () http://www.redteam-pentesting.de/advisories/rt-sa-2007-001.php - Broken Link
References () http://www.securityfocus.com/archive/1/479699/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry () http://www.securityfocus.com/archive/1/479699/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry
References () http://www.securityfocus.com/bid/25694 - Broken Link, Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/25694 - Broken Link, Third Party Advisory, VDB Entry
References () http://www.vupen.com/english/advisories/2007/3185 - Broken Link () http://www.vupen.com/english/advisories/2007/3185 - Broken Link
References () http://www1.alcatel-lucent.com/psirt/statements/2007002/OXEUMT.htm - Broken Link () http://www1.alcatel-lucent.com/psirt/statements/2007002/OXEUMT.htm - Broken Link
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/36632 - Third Party Advisory, VDB Entry () https://exchange.xforce.ibmcloud.com/vulnerabilities/36632 - Third Party Advisory, VDB Entry

02 Jul 2024, 17:43

Type Values Removed Values Added
CPE cpe:2.3:a:alcatel-lucent:omnipcx:7.1:*:enterprise:*:*:*:*:* cpe:2.3:a:al-enterprise:omnipcx_enterprise_communication_server:*:*:*:*:*:*:*:*
References () http://marc.info/?l=full-disclosure&m=119002152126755&w=2 - Exploit () http://marc.info/?l=full-disclosure&m=119002152126755&w=2 - Exploit, Mailing List
References () http://osvdb.org/40521 - () http://osvdb.org/40521 - Broken Link
References () http://secunia.com/advisories/26853 - Vendor Advisory () http://secunia.com/advisories/26853 - Broken Link, Vendor Advisory
References () http://www.redteam-pentesting.de/advisories/rt-sa-2007-001.php - () http://www.redteam-pentesting.de/advisories/rt-sa-2007-001.php - Broken Link
References () http://www.securityfocus.com/archive/1/479699/100/0/threaded - () http://www.securityfocus.com/archive/1/479699/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry
References () http://www.securityfocus.com/bid/25694 - () http://www.securityfocus.com/bid/25694 - Broken Link, Third Party Advisory, VDB Entry
References () http://www.vupen.com/english/advisories/2007/3185 - () http://www.vupen.com/english/advisories/2007/3185 - Broken Link
References () http://www1.alcatel-lucent.com/psirt/statements/2007002/OXEUMT.htm - () http://www1.alcatel-lucent.com/psirt/statements/2007002/OXEUMT.htm - Broken Link
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/36632 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/36632 - Third Party Advisory, VDB Entry
CVSS v2 : 10.0
v3 : unknown
v2 : 10.0
v3 : 9.8
First Time Al-enterprise omnipcx Enterprise Communication Server
Al-enterprise
CWE CWE-20 NVD-CWE-noinfo

Information

Published : 2007-09-18 21:17

Updated : 2024-11-21 00:32


NVD link : CVE-2007-3010

Mitre link : CVE-2007-3010

CVE.ORG link : CVE-2007-3010


JSON object : View

Products Affected

al-enterprise

  • omnipcx_enterprise_communication_server