CVE-2007-3010
Published: 18 September 2007
Summary
CVE-2007-3010 is a critical-severity Command Injection (CWE-77) vulnerability in Al-Enterprise OmniPCX Enterprise Communication Server. Its CVSS base score is 9.8 (Critical).
Operationally, it is ranked in the top 0.1% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).
Deeper analysis
The vulnerability is a command injection flaw (CWE-77) in the masterCGI component of the Unified Maintenance Tool shipped with Alcatel OmniPCX Enterprise Communication Server R7.1 and earlier. Untrusted input supplied in the user parameter is passed directly to the system shell during a ping action, allowing arbitrary command execution.
Unauthenticated remote attackers can exploit the issue over the network by submitting shell metacharacters in a crafted request to the affected CGI. Successful exploitation grants the ability to run commands with the privileges of the web server process, resulting in full system compromise as reflected by the CVSS 3.1 base score of 9.8.
Multiple public advisories and disclosure postings reference the flaw, including entries from RedTeam Pentesting, Secunia, OSVDB, and Full-Disclosure archives, but the supplied references contain no explicit mitigation steps or patch details.
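An added detection example, not code from the advisories or the vendor: it scans web access-log lines for requests to masterCGI whose user parameter contains shell metacharacters once percent-decoding is applied. The combined log format, the /cgi-bin/ path, the action=ping query field and every sample line are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Characters a POSIX shell interprets; none belong in a plain parameter value.
SHELL_META = re.compile(r"[;&|`$(){}<>\\\n\r]")
# Request line as written in common/combined access-log format (assumed format).
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[0-9.]+"')

def suspicious_user_values(log_line):
    """Return the user= values that contain shell metacharacters,
    but only for requests whose path names masterCGI."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group("target"))
    if "mastercgi" not in url.path.lower():
        return []
    # parse_qs percent-decodes, so %3B, %60 and %24 are seen as ; ` and $
    params = parse_qs(url.query, keep_blank_values=True, separator="&")
    return [v for v in params.get("user", []) if SHELL_META.search(v)]

def scan(lines):
    """Return (line_number, values) for every line that should be triaged."""
    hits = []
    for number, line in enumerate(lines, start=1):
        values = suspicious_user_values(line)
        if values:
            hits.append((number, values))
    return hits

# Constructed sample log lines (documentation IP ranges, placeholder query layout).
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] '
    '"GET /cgi-bin/masterCGI?action=ping&user=admin HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] '
    '"GET /cgi-bin/masterCGI?action=ping&user=%3Bid%3B HTTP/1.1" 200 87',
    '198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] '
    '"GET /cgi-bin/masterCGI?action=ping&user=%60id%60 HTTP/1.0" 200 87',
    '203.0.113.4 - - [01/Jan/2024:10:01:00 +0000] '
    '"GET /index.html?user=%3Bid HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for number, values in scan(SAMPLE):
        print(f"line {number}: suspicious user value(s) {values!r}")
```

Parameters sent in a POST body do not appear in access logs, so coverage for those requests needs a WAF or reverse-proxy rule that inspects the body.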
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2007-3002
Vulnerability details
masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the user parameter during a ping action.
- CWE(s)
- KEV Date Added: 15 April 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Rejects or sanitizes the untrusted user parameter before it reaches the shell, directly blocking the command-injection vector in masterCGI.
Enforces authorization checks on the ping action so that unauthenticated remote requests cannot invoke the vulnerable CGI.
Constrains the web-server process to minimal privileges, limiting the scope of arbitrary commands that can be executed after successful injection.