Lucene search

[email protected]CVE-2007-3010

HistorySep 18, 2007 - 9:17 p.m.

CVE-2007-3010

2007-09-1821:17:00

CWE-20

[email protected]

web.nvd.nist.gov

837

In Wild

alcatel

omnipcx

server

r7.1

remote execution

command

vulnerability

7.5 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.973 High

EPSS

Percentile

99.9%

JSON

masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the user parameter during a ping action.

CPENameOperatorVersion
alcatel-lucent:omnipcxalcatel-lucent omnipcxeq7.1

CPE	Name	Operator	Version
alcatel-lucent:omnipcx	alcatel-lucent omnipcx	eq	7.1

References

marc.info/?l=full-disclosure&m=119002152126755&w=2

osvdb.org/40521

secunia.com/advisories/26853

www.redteam-pentesting.de/advisories/rt-sa-2007-001.php

www.securityfocus.com/archive/1/479699/100/0/threaded

www.securityfocus.com/bid/25694

www.vupen.com/english/advisories/2007/3185

www1.alcatel-lucent.com/psirt/statements/2007002/OXEUMT.htm

exchange.xforce.ibmcloud.com/vulnerabilities/36632

Social References

7.5 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.973 High

EPSS

Percentile

99.9%

JSON

Related for CVE-2007-3010

securityvulns2 packetstorm2 cisa_kev1 prion1 attackerkb1 nuclei1 checkpoint_advisories1 openvas2