PT-2008-2922 · Alcatel Lucent · Alcatel-Lucent Omnipcx Office

Published

2008-04-02

Updated

2019-08-14

CVE-2008-1331

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Alcatel-Lucent OmniPCX Office versions prior to OXO210 210/091.001 Alcatel-Lucent OmniPCX Office versions prior to OXO600 610/014.001

Description The issue allows remote attackers to execute arbitrary commands and obtain resources via shell metacharacters in the id2 parameter of the cgi-data/FastJSData.cgi file.

Recommendations For versions prior to OXO210 210/091.001, update to version 210/091.001 or later. For versions prior to OXO600 610/014.001, update to version 610/014.001 or later. As a temporary workaround, consider restricting access to the cgi-data/FastJSData.cgi file until a patch is available. Avoid using the id2 parameter in the affected cgi-data/FastJSData.cgi file until the issue is resolved.

Exploit

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2008-1331

Affected Products

Alcatel-Lucent Omnipcx Office

PT-2008-2922 · Alcatel Lucent · Alcatel-Lucent Omnipcx Office

CVE-2008-1331

Weakness Enumeration

Related Identifiers

Affected Products

References · 9