CyberSec.Space Logo
Back to CVE Browser

CVE-2007-3010

Known Exploited (CISA KEV)CRITICAL
9.8
CVSS Severity Score
EPSS Score30.5500%
EPSS Percentile93.27th
PublishedSep 18, 2007
Last ModifiedApr 21, 2026

Vulnerability Description

masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the user parameter during a ping action.

Affected Platforms (CPE)

πŸ“¦
Al Enterprise

Omnipcx Enterprise Communication Server

<= 7.1

References & Advisories

πŸ”— http://marc.info/?l=full-disclosure&m=119002152126755&w=2
πŸ”— http://osvdb.org/40521
πŸ”— http://secunia.com/advisories/26853
πŸ”— http://www.redteam-pentesting.de/advisories/rt-sa-2007-001.php
πŸ”— http://www.securityfocus.com/archive/1/479699/100/0/threaded
πŸ”— http://www.securityfocus.com/bid/25694
πŸ”— http://www.vupen.com/english/advisories/2007/3185
πŸ”— http://www1.alcatel-lucent.com/psirt/statements/2007002/OXEUMT.htm

Related Vulnerabilities

CVE-2007-53618.5

The Communication Server in Alcatel-Lucent OmniPCX Enterprise 7.1 and earlier caches an IP address during a TFTP request from an I...

CVE-2011-03445.8

Multiple stack-based buffer overflows in unspecified CGI programs in the Unified Maintenance Tool web interface in the embedded we...

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...

CVE-2026-121905.3

A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the compo...