CVE-2008-1331

Name of the Vulnerable Software and Affected Versions Alcatel-Lucent OmniPCX Office versions prior to OXO210 210/091.001 Alcatel-Lucent OmniPCX Office versions prior to OXO600 610/014.001

Description The issue allows remote attackers to execute arbitrary commands and obtain resources via shell metacharacters in the id2 parameter of the cgi-data/FastJSData.cgi file.

Recommendations For versions prior to OXO210 210/091.001, update to version 210/091.001 or later. For versions prior to OXO600 610/014.001, update to version 610/014.001 or later. As a temporary workaround, consider restricting access to the cgi-data/FastJSData.cgi file until a patch is available. Avoid using the id2 parameter in the affected cgi-data/FastJSData.cgi file until the issue is resolved.