masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the user parameter during a ping action.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 00:32
Type | Values Removed | Values Added |
---|---|---|
References | () http://marc.info/?l=full-disclosure&m=119002152126755&w=2 - Exploit, Mailing List | |
References | () http://osvdb.org/40521 - Broken Link | |
References | () http://secunia.com/advisories/26853 - Broken Link, Vendor Advisory | |
References | () http://www.redteam-pentesting.de/advisories/rt-sa-2007-001.php - Broken Link | |
References | () http://www.securityfocus.com/archive/1/479699/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry | |
References | () http://www.securityfocus.com/bid/25694 - Broken Link, Third Party Advisory, VDB Entry | |
References | () http://www.vupen.com/english/advisories/2007/3185 - Broken Link | |
References | () http://www1.alcatel-lucent.com/psirt/statements/2007002/OXEUMT.htm - Broken Link | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/36632 - Third Party Advisory, VDB Entry |
02 Jul 2024, 17:43
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:al-enterprise:omnipcx_enterprise_communication_server:*:*:*:*:*:*:*:* | |
References | () http://marc.info/?l=full-disclosure&m=119002152126755&w=2 - Exploit, Mailing List | |
References | () http://osvdb.org/40521 - Broken Link | |
References | () http://secunia.com/advisories/26853 - Broken Link, Vendor Advisory | |
References | () http://www.redteam-pentesting.de/advisories/rt-sa-2007-001.php - Broken Link | |
References | () http://www.securityfocus.com/archive/1/479699/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry | |
References | () http://www.securityfocus.com/bid/25694 - Broken Link, Third Party Advisory, VDB Entry | |
References | () http://www.vupen.com/english/advisories/2007/3185 - Broken Link | |
References | () http://www1.alcatel-lucent.com/psirt/statements/2007002/OXEUMT.htm - Broken Link | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/36632 - Third Party Advisory, VDB Entry | |
CVSS |
v2 : v3 : |
v2 : 10.0
v3 : 9.8 |
First Time |
Al-enterprise omnipcx Enterprise Communication Server
Al-enterprise |
|
CWE | NVD-CWE-noinfo |
Information
Published : 2007-09-18 21:17
Updated : 2024-11-21 00:32
NVD link : CVE-2007-3010
Mitre link : CVE-2007-3010
CVE.ORG link : CVE-2007-3010
JSON object : View
Products Affected
al-enterprise
- omnipcx_enterprise_communication_server
CWE