CVE-2007-3010 — CRITICAL (9.8)

Q: How severe is CVE-2007-3010?

CVE-2007-3010 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2007-3010?

Check the references section above for vendor advisories and patch information. Affected products include: Al-Enterprise Omnipcx Enterprise Communication Server.

Vulnerability Description

masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the user parameter during a ping action.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Al-Enterprise	Omnipcx Enterprise Communication Server	<= 7.1

Related Weaknesses (CWE)

CWE-77

References

http://marc.info/?l=full-disclosure&m=119002152126755&w=2ExploitMailing List
http://osvdb.org/40521Broken Link
http://secunia.com/advisories/26853Broken LinkVendor Advisory
http://www.redteam-pentesting.de/advisories/rt-sa-2007-001.phpBroken Link
http://www.securityfocus.com/archive/1/479699/100/0/threadedBroken LinkThird Party AdvisoryVDB Entry
http://www.securityfocus.com/bid/25694Broken LinkThird Party AdvisoryVDB Entry
http://www.vupen.com/english/advisories/2007/3185Broken Link
http://www1.alcatel-lucent.com/psirt/statements/2007002/OXEUMT.htmBroken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/36632Third Party AdvisoryVDB Entry
http://marc.info/?l=full-disclosure&m=119002152126755&w=2ExploitMailing List
http://osvdb.org/40521Broken Link
http://secunia.com/advisories/26853Broken LinkVendor Advisory
http://www.redteam-pentesting.de/advisories/rt-sa-2007-001.phpBroken Link
http://www.securityfocus.com/archive/1/479699/100/0/threadedBroken LinkThird Party AdvisoryVDB Entry
http://www.securityfocus.com/bid/25694Broken LinkThird Party AdvisoryVDB Entry

FAQ

What is CVE-2007-3010?

CVE-2007-3010 is a vulnerability with a CVSS score of 9.8 (CRITICAL). masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the user...

How severe is CVE-2007-3010?

CVE-2007-3010 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2007-3010?

Check the references section above for vendor advisories and patch information. Affected products include: Al-Enterprise Omnipcx Enterprise Communication Server.