Release DateJan 05, 2010 |
Severitycritical |
ImpactSystem Compromise: Remote attackers can gain control of vulnerable systems. |
DescriptionThis indicates an attack attempt against a command-injection vulnerability in Alcatel OmniPCX Office.A vulnerability has been reported in Alcatel OmniPCX Office that may allow an attacker to execute shell commands on a vulnerable system. This is possible because the user input filters fail to properly sanitize the "id2" parameter value that is passed to "/FastJSData.cgi". An attacker may include shell commands by supplying an injection string through the URL and a good string through POST or the COOKIE. |
Affected ProductsAlcatel OmniPCX Office since release 210/061.1 |
Recommended ActionsUpgrade to the latest version, available from the following web site:http://www1.alcatel-lucent.com/enterprise/en/products/ip_telephony/omnipcxenterprise/index.html |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2008-1331 |
Reference/shttp://www.securityfocus.com/bid/28758 (BugTraq) |
