Critical severity9.8CISA KEVNVD Advisory· Published Sep 18, 2007· Updated Apr 21, 2026

CVE-2007-3010

Description

masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the user parameter during a ping action.

Affected products

Al Enterprise/Omnipcx Enterprise Communication Server
cpe:2.3:a:al-enterprise:omnipcx_enterprise_communication_server:*:*:*:*:*:*:*:*
Range: <=7.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

marc.infonvdExploitMailing List
secunia.com/advisories/26853nvdBroken LinkVendor Advisory
www.securityfocus.com/archive/1/479699/100/0/threadednvdBroken LinkThird Party AdvisoryVDB Entry
www.securityfocus.com/bid/25694nvdBroken LinkThird Party AdvisoryVDB Entry
exchange.xforce.ibmcloud.com/vulnerabilities/36632nvdThird Party AdvisoryVDB Entry
osvdb.org/40521nvdBroken Link
www.redteam-pentesting.de/advisories/rt-sa-2007-001.phpnvdBroken Link
www.vupen.com/english/advisories/2007/3185nvdBroken Link
www1.alcatel-lucent.com/psirt/statements/2007002/OXEUMT.htmnvdBroken Link
www.cisa.gov/known-exploited-vulnerabilities-catalognvdUS Government Resource

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.075
exploit	0.030
kev	0.120
patch	0.000
ransomware	0.000