Search criteria
2 vulnerabilities found for omnipcx_enterprise_communication_server by al-enterprise
CVE-2007-3010 (GCVE-0-2007-3010)
Vulnerability from nvd – Published: 2007-09-18 21:00 – Updated: 2025-10-22 00:05
VLAI?
Summary
masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the user parameter during a ping action.
Severity ?
9.8 (Critical)
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:57:54.983Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2007-3185",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3185"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.redteam-pentesting.de/advisories/rt-sa-2007-001.php"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www1.alcatel-lucent.com/psirt/statements/2007002/OXEUMT.htm"
},
{
"name": "26853",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26853"
},
{
"name": "20070917 Alcatel-Lucent OmniPCX Remote Command Execution",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=119002152126755\u0026w=2"
},
{
"name": "40521",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/40521"
},
{
"name": "20070917 Alcatel-Lucent OmniPCX Remote Command Execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/479699/100/0/threaded"
},
{
"name": "alcatel-unified-mastercgi-command-execution(36632)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36632"
},
{
"name": "25694",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25694"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2007-3010",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T14:25:23.970930Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2022-04-15",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2007-3010"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T00:05:56.419Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2007-3010"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-04-15T00:00:00+00:00",
"value": "CVE-2007-3010 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-09-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the user parameter during a ping action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2007-3185",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3185"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.redteam-pentesting.de/advisories/rt-sa-2007-001.php"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www1.alcatel-lucent.com/psirt/statements/2007002/OXEUMT.htm"
},
{
"name": "26853",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26853"
},
{
"name": "20070917 Alcatel-Lucent OmniPCX Remote Command Execution",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=119002152126755\u0026w=2"
},
{
"name": "40521",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/40521"
},
{
"name": "20070917 Alcatel-Lucent OmniPCX Remote Command Execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/479699/100/0/threaded"
},
{
"name": "alcatel-unified-mastercgi-command-execution(36632)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36632"
},
{
"name": "25694",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25694"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3010",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the user parameter during a ping action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-3185",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3185"
},
{
"name": "http://www.redteam-pentesting.de/advisories/rt-sa-2007-001.php",
"refsource": "MISC",
"url": "http://www.redteam-pentesting.de/advisories/rt-sa-2007-001.php"
},
{
"name": "http://www1.alcatel-lucent.com/psirt/statements/2007002/OXEUMT.htm",
"refsource": "CONFIRM",
"url": "http://www1.alcatel-lucent.com/psirt/statements/2007002/OXEUMT.htm"
},
{
"name": "26853",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26853"
},
{
"name": "20070917 Alcatel-Lucent OmniPCX Remote Command Execution",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure\u0026m=119002152126755\u0026w=2"
},
{
"name": "40521",
"refsource": "OSVDB",
"url": "http://osvdb.org/40521"
},
{
"name": "20070917 Alcatel-Lucent OmniPCX Remote Command Execution",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/479699/100/0/threaded"
},
{
"name": "alcatel-unified-mastercgi-command-execution(36632)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36632"
},
{
"name": "25694",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25694"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3010",
"datePublished": "2007-09-18T21:00:00.000Z",
"dateReserved": "2007-06-04T00:00:00.000Z",
"dateUpdated": "2025-10-22T00:05:56.419Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3010 (GCVE-0-2007-3010)
Vulnerability from cvelistv5 – Published: 2007-09-18 21:00 – Updated: 2025-10-22 00:05
VLAI?
Summary
masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the user parameter during a ping action.
Severity ?
9.8 (Critical)
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:57:54.983Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2007-3185",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3185"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.redteam-pentesting.de/advisories/rt-sa-2007-001.php"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www1.alcatel-lucent.com/psirt/statements/2007002/OXEUMT.htm"
},
{
"name": "26853",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26853"
},
{
"name": "20070917 Alcatel-Lucent OmniPCX Remote Command Execution",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=119002152126755\u0026w=2"
},
{
"name": "40521",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/40521"
},
{
"name": "20070917 Alcatel-Lucent OmniPCX Remote Command Execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/479699/100/0/threaded"
},
{
"name": "alcatel-unified-mastercgi-command-execution(36632)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36632"
},
{
"name": "25694",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25694"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2007-3010",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T14:25:23.970930Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2022-04-15",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2007-3010"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T00:05:56.419Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2007-3010"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-04-15T00:00:00+00:00",
"value": "CVE-2007-3010 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-09-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the user parameter during a ping action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2007-3185",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3185"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.redteam-pentesting.de/advisories/rt-sa-2007-001.php"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www1.alcatel-lucent.com/psirt/statements/2007002/OXEUMT.htm"
},
{
"name": "26853",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26853"
},
{
"name": "20070917 Alcatel-Lucent OmniPCX Remote Command Execution",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=119002152126755\u0026w=2"
},
{
"name": "40521",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/40521"
},
{
"name": "20070917 Alcatel-Lucent OmniPCX Remote Command Execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/479699/100/0/threaded"
},
{
"name": "alcatel-unified-mastercgi-command-execution(36632)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36632"
},
{
"name": "25694",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25694"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3010",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the user parameter during a ping action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-3185",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3185"
},
{
"name": "http://www.redteam-pentesting.de/advisories/rt-sa-2007-001.php",
"refsource": "MISC",
"url": "http://www.redteam-pentesting.de/advisories/rt-sa-2007-001.php"
},
{
"name": "http://www1.alcatel-lucent.com/psirt/statements/2007002/OXEUMT.htm",
"refsource": "CONFIRM",
"url": "http://www1.alcatel-lucent.com/psirt/statements/2007002/OXEUMT.htm"
},
{
"name": "26853",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26853"
},
{
"name": "20070917 Alcatel-Lucent OmniPCX Remote Command Execution",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure\u0026m=119002152126755\u0026w=2"
},
{
"name": "40521",
"refsource": "OSVDB",
"url": "http://osvdb.org/40521"
},
{
"name": "20070917 Alcatel-Lucent OmniPCX Remote Command Execution",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/479699/100/0/threaded"
},
{
"name": "alcatel-unified-mastercgi-command-execution(36632)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36632"
},
{
"name": "25694",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25694"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3010",
"datePublished": "2007-09-18T21:00:00.000Z",
"dateReserved": "2007-06-04T00:00:00.000Z",
"dateUpdated": "2025-10-22T00:05:56.419Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}