TROYANOSYVIRUS
Volver a CVEs

CVE-2007-3010

CRITICALCISA KEV
9.8

Descripcion

masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the user parameter during a ping action.

Detalles CVE

Puntuacion CVSS v3.19.8
SeveridadCRITICAL
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado9/18/2007
Ultima modificacion10/22/2025
Fuentekev
Avistamientos honeypot0

CISA KEV

VendedorAlcatel
ProductoOmniPCX Enterprise
Nombre vulnerabilidadAlcatel OmniPCX Enterprise Remote Code Execution Vulnerability
Fecha inclusion KEV2022-04-15
Fecha limite remediacion2022-05-06
Uso en ransomwareUnknown

Productos afectados

al-enterprise:omnipcx_enterprise_communication_server

Debilidades (CWE)

CWE-77

Referencias

http://marc.info/?l=full-disclosure&m=119002152126755&w=2(cve@mitre.org)
http://osvdb.org/40521(cve@mitre.org)
http://secunia.com/advisories/26853(cve@mitre.org)
http://www.redteam-pentesting.de/advisories/rt-sa-2007-001.php(cve@mitre.org)
http://www.securityfocus.com/archive/1/479699/100/0/threaded(cve@mitre.org)
http://www.securityfocus.com/bid/25694(cve@mitre.org)
http://www.vupen.com/english/advisories/2007/3185(cve@mitre.org)
http://www1.alcatel-lucent.com/psirt/statements/2007002/OXEUMT.htm(cve@mitre.org)
https://exchange.xforce.ibmcloud.com/vulnerabilities/36632(cve@mitre.org)
http://marc.info/?l=full-disclosure&m=119002152126755&w=2(af854a3a-2127-422b-91ae-364da2661108)
http://osvdb.org/40521(af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/26853(af854a3a-2127-422b-91ae-364da2661108)
http://www.redteam-pentesting.de/advisories/rt-sa-2007-001.php(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/479699/100/0/threaded(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/25694(af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2007/3185(af854a3a-2127-422b-91ae-364da2661108)
http://www1.alcatel-lucent.com/psirt/statements/2007002/OXEUMT.htm(af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/36632(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2007-3010(134c704f-9b21-4f2e-91b3-4a467353bcc0)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.