Back to KEVs

CVE-2007-3010

masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 and earlier allows remote attackers to execute...

Basic Information

CVE State
PUBLISHED
Reserved Date
June 04, 2007
Published Date
September 18, 2007
Last Updated
February 07, 2025
Vendor
Alcatel
Product
OmniPCX Enterprise Communication Server
Description
masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the user parameter during a ping action.
Tags
cisa nuclei_scanner metasploit_scanner

CVSS Scores

CVSS v3.1

9.8 - CRITICAL

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2.0

10.0

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

SSVC Information

Exploitation
active
Automatable
Yes
Technical Impact
total

Exploit Status

Exploited in the Wild
Yes (2022-04-15 00:00:00 UTC) Source

References

http://www.vupen.com/english/advisories/2007/3185 http://www.redteam-pentesting.de/advisories/rt-sa-2007-001.php http://www1.alcatel-lucent.com/psirt/statements/2007002/OXEUMT.htm http://secunia.com/advisories/26853 http://marc.info/?l=full-disclosure&m=119002152126755&w=2 http://osvdb.org/40521 http://www.securityfocus.com/archive/1/479699/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/36632 http://www.securityfocus.com/bid/25694

Known Exploited Vulnerability Information

Source Added Date
CISA 2022-04-15 00:00:00 UTC

Scanner Integrations

Scanner URL Date Detected
Metasploit https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/alcatel_omnipcx_mastercgi_exec.rb 2025-04-29 11:01:11 UTC
Nuclei https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2007/CVE-2007-3010.yaml 2025-04-26 00:00:00 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

alcatel_omnipcx_mastercgi_exec

Type: metasploit • Created: Unknown

Metasploit module for CVE-2007-3010

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel

  • Detected by Nuclei

  • Detected by Metasploit