CVE-2007-3010
KEV
🔴 Patch now
Remote arbitrary command execution in Alcatel OmniPCX via shell metacharacter injection.
CVSS: 9.8
EPSS: 94.0%
Exploit: weaponized
Vendor: al-enterprise
Source description (NVD)
masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the user parameter during a ping action.
exploit
No patch
Sources and dates
| Source | Value |
|---|---|
| NVD – CVSS | 9.8 |
| CISA KEV (actively exploited) | Yes |
| FIRST EPSS (probability of exploitation) | 94.0% |
| Published (NVD) | 2007-09-18 21:17:00 UTC |
| Last modified (NVD) | 2026-04-21 18:56:10 UTC |
References
- http://marc.info/?l=full-disclosure&m=119002152126755&w=2 (cve@mitre.org) [Exploit, Mailing List]
- http://osvdb.org/40521 (cve@mitre.org) [Broken Link]
- http://secunia.com/advisories/26853 (cve@mitre.org) [Broken Link, Vendor Advisory]
- http://www.redteam-pentesting.de/advisories/rt-sa-2007-001.php (cve@mitre.org) [Broken Link]
- http://www.securityfocus.com/archive/1/479699/100/0/threaded (cve@mitre.org) [Broken Link, Third Party Advisory, VDB Entry]
- http://www.securityfocus.com/bid/25694 (cve@mitre.org) [Broken Link, Third Party Advisory, VDB Entry]
- http://www.vupen.com/english/advisories/2007/3185 (cve@mitre.org) [Broken Link]
- http://www1.alcatel-lucent.com/psirt/statements/2007002/OXEUMT.htm (cve@mitre.org) [Broken Link]
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36632 (cve@mitre.org) [Third Party Advisory, VDB Entry]
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2007-3010 (134c704f-9b21-4f2e-91b3-4a467353bcc0) [US Government Resource]