Alcatel-Lucent.OmniPCX.Office.FastJSData.CGI.Command.Execution
Description
This indicates an attack attempt against a command-injection vulnerability in Alcatel OmniPCX Office.
A vulnerability has been reported in Alcatel OmniPCX Office that may allow an attacker to execute shell commands on a vulnerable system. This is possible because the user input filters fail to properly sanitize the "id2" parameter value that is passed to "/FastJSData.cgi". An attacker may include shell commands by supplying an injection string through the URL and a good string through POST or the COOKIE.
Affected Products
Alcatel OmniPCX Office since release 210/061.1
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Upgrade to the latest version, available from the following web site:
http://www1.alcatel-lucent.com/enterprise/en/products/ip_telephony/omnipcxenterprise/index.html
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |