Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1331

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2008-1331
Last Modified 07 Mar 2011 12:00:00
Published 02 Apr 2008 04:44:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-1331

Summary

cgi-data/FastJSData.cgi in OmniPCX Office with Internet Access services OXO210 before 210/091.001, OXO600 before 610/014.001, and other versions, allows remote attackers to execute arbitrary commands and "obtain OXO resources" via shell metacharacters in the id2 parameter.

Vulnerable Systems

Application

  • Alcatel-lucent Omnipcx 014.001

  • Alcatel-lucent Omnipcx 091.001


References

XF - omnipcx-cgiscript-info-disclosure(41560)

CONFIRM - http://www1.alcatel-lucent.com/psirt/statements/2008001/OXOrexec.htm

VUPEN - ADV-2008-1057

SECTRACK - 1020082

BID - 28758

BUGTRAQ - 20080521 [DSECRG-08-020] Alcatel OmniPCX Office Remote Comand Execution

MILW0RM - 5662

SECUNIA - 29798


Last Updated: 27 May 2016 10:47:06