Vulnerability Details : CVE-2007-3010
Public exploit exists!
masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the user parameter during a ping action.
Products affected by CVE-2007-3010
- cpe:2.3:a:al-enterprise:omnipcx_enterprise_communication_server:*:*:*:*:*:*:*:*
CVE-2007-3010 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name: Alcatel OmniPCX Enterprise Remote Code Execution Vulnerability
CISA required action: Apply updates per vendor instructions.
CISA description: masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server allows remote attackers to execute arbitrary commands.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2007-3010
Added on: 2022-04-15
Action due date: 2022-05-06
Exploit prediction scoring system (EPSS) score for CVE-2007-3010
- Probability of exploitation activity in the next 30 days: 95.93%
- Percentile, the proportion of vulnerabilities that are scored at or less: ~ 100 %
Metasploit modules for CVE-2007-3010
- Alcatel-Lucent OmniPCX Enterprise masterCGI Arbitrary Command Execution
  Disclosure Date: 2007-09-09
  First seen: 2020-04-26
  exploit/linux/http/alcatel_omnipcx_mastercgi_exec
  This module abuses a metacharacter injection vulnerability in the HTTP management interface of the Alcatel-Lucent OmniPCX Enterprise Communication Server 7.1 and earlier. The Unified Maintenance Tool contains a 'masterCGI' binary which allows an unauthenticated att
CVSS scores for CVE-2007-3010
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST | |
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | 2024-07-02 |
References for CVE-2007-3010
- http://osvdb.org/40521
  Tags: Broken Link
- http://www.securityfocus.com/archive/1/479699/100/0/threaded
  Tags: Broken Link; Third Party Advisory; VDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36632
  Alcatel-Lucent Unified Maintenance Tool OmniPCX masterCGI command execution CVE-2007-3010 Vulnerability Report
  Tags: Third Party Advisory; VDB Entry
- http://secunia.com/advisories/26853
  About Secunia Research | Flexera
  Tags: Broken Link; Vendor Advisory
- http://marc.info/?l=full-disclosure&m=119002152126755&w=2
  '[Full-disclosure] Alcatel-Lucent OmniPCX Remote Command Execution' - MARC
  Tags: Exploit; Mailing List
- http://www.securityfocus.com/bid/25694
  Alcatel-Lucent OmniPCX Enterprise Remote Command Execution Vulnerability
  Tags: Broken Link; Third Party Advisory; VDB Entry
- http://www.redteam-pentesting.de/advisories/rt-sa-2007-001.php
  RedTeam Pentesting GmbH - Page not found
  Tags: Broken Link
- http://www.vupen.com/english/advisories/2007/3185
  Site under construction
  Tags: Broken Link
- http://www1.alcatel-lucent.com/psirt/statements/2007002/OXEUMT.htm
  Tags: Broken Link