CVE-2007-3010

Published: Sep 18, 2007Modified: Apr 21, 2026CISA KEV

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the user parameter during a ping action.

Affected (1)

Products: Al Enterprise: Omnipcx Enterprise Communication Server

Al Enterprise

1 product

Omnipcx Enterprise Communication Server

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Al Enterprise Omnipcx Enterprise Communication Server	Up to 7.1

Related CWEs

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

References (19)

http://marc.info/?l=full-disclosure&m=119002152126755&w=2

Source: cve@mitre.org

ExploitMailing List

http://osvdb.org/40521

Source: cve@mitre.org

Broken Link

http://secunia.com/advisories/26853

Source: cve@mitre.org

Broken LinkVendor Advisory

http://www.redteam-pentesting.de/advisories/rt-sa-2007-001.php

Source: cve@mitre.org

Broken Link

http://www.securityfocus.com/archive/1/479699/100/0/threaded

Source: cve@mitre.org

Broken LinkThird Party AdvisoryVDB Entry

http://www.securityfocus.com/bid/25694

Source: cve@mitre.org

Broken LinkThird Party AdvisoryVDB Entry

http://www.vupen.com/english/advisories/2007/3185

Source: cve@mitre.org

Broken Link

http://www1.alcatel-lucent.com/psirt/statements/2007002/OXEUMT.htm

Source: cve@mitre.org

Broken Link

https://exchange.xforce.ibmcloud.com/vulnerabilities/36632

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://marc.info/?l=full-disclosure&m=119002152126755&w=2