CVE-2007-3010

critical

Description

masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the user parameter during a ping action.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/36632

https://veriti.ai/blog/vulnerable-villain-when-hackers-get-hacked/

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2007-3010

Details

Source: Mitre, NVD

Published: 2007-09-18

Updated: 2025-10-22

Known Exploited Vulnerability (KEV)

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H