CVE-2008-1331 — HIGH (10.0)

Q: How severe is CVE-2008-1331?

CVE-2008-1331 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2008-1331?

Check the references section above for vendor advisories and patch information. Affected products include: Alcatel-Lucent Omnipcx Office.

Vulnerability Description

cgi-data/FastJSData.cgi in OmniPCX Office with Internet Access services OXO210 before 210/091.001, OXO600 before 610/014.001, and other versions, allows remote attackers to execute arbitrary commands and "obtain OXO resources" via shell metacharacters in the id2 parameter.

CVSS Score

10.0

HIGH

AV:N/AC:L/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Alcatel-Lucent	Omnipcx Office	>= 210, < 210\/091.001

Related Weaknesses (CWE)

CWE-20

References

http://secunia.com/advisories/29798Third Party Advisory
http://www.securityfocus.com/archive/1/492383/100/0/threadedThird Party AdvisoryVDB Entry
http://www.securityfocus.com/bid/28758Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id?1020082Third Party AdvisoryVDB Entry
http://www.vupen.com/english/advisories/2008/1057Permissions Required
http://www1.alcatel-lucent.com/psirt/statements/2008001/OXOrexec.htmVendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/41560Third Party AdvisoryVDB Entry
https://www.exploit-db.com/exploits/5662Third Party AdvisoryVDB Entry
http://secunia.com/advisories/29798Third Party Advisory
http://www.securityfocus.com/archive/1/492383/100/0/threadedThird Party AdvisoryVDB Entry
http://www.securityfocus.com/bid/28758Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id?1020082Third Party AdvisoryVDB Entry
http://www.vupen.com/english/advisories/2008/1057Permissions Required
http://www1.alcatel-lucent.com/psirt/statements/2008001/OXOrexec.htmVendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/41560Third Party AdvisoryVDB Entry

FAQ

What is CVE-2008-1331?

CVE-2008-1331 is a vulnerability with a CVSS score of 10.0 (HIGH). cgi-data/FastJSData.cgi in OmniPCX Office with Internet Access services OXO210 before 210/091.001, OXO600 before 610/014.001, and other versions, allows remote attackers to execute arbitrary commands ...

How severe is CVE-2008-1331?

CVE-2008-1331 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2008-1331?

Check the references section above for vendor advisories and patch information. Affected products include: Alcatel-Lucent Omnipcx Office.