← Back to CVEs
CVE-2007-3010
CRITICALCISA KEV9.8
Description
masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the user parameter during a ping action.
CVE Details
CVSS v3.1 Score9.8
SeverityCRITICAL
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published9/18/2007
Last Modified10/22/2025
Sourcekev
Honeypot Sightings0
CISA KEV
VendorAlcatel
ProductOmniPCX Enterprise
Vulnerability NameAlcatel OmniPCX Enterprise Remote Code Execution Vulnerability
KEV Date Added2022-04-15
Remediation Due Date2022-05-06
Ransomware UseUnknown
Affected Products
al-enterprise:omnipcx_enterprise_communication_server
Weaknesses (CWE)
CWE-77
References
http://marc.info/?l=full-disclosure&m=119002152126755&w=2(cve@mitre.org)
http://osvdb.org/40521(cve@mitre.org)
http://secunia.com/advisories/26853(cve@mitre.org)
http://www.securityfocus.com/archive/1/479699/100/0/threaded(cve@mitre.org)
http://www.securityfocus.com/bid/25694(cve@mitre.org)
http://www.vupen.com/english/advisories/2007/3185(cve@mitre.org)
https://exchange.xforce.ibmcloud.com/vulnerabilities/36632(cve@mitre.org)
http://marc.info/?l=full-disclosure&m=119002152126755&w=2(af854a3a-2127-422b-91ae-364da2661108)
http://osvdb.org/40521(af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/26853(af854a3a-2127-422b-91ae-364da2661108)
http://www.redteam-pentesting.de/advisories/rt-sa-2007-001.php(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/479699/100/0/threaded(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/25694(af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2007/3185(af854a3a-2127-422b-91ae-364da2661108)
http://www1.alcatel-lucent.com/psirt/statements/2007002/OXEUMT.htm(af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/36632(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2007-3010(134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.