Intrusion Prevention



This indicates an attack attempt against a command-injection vulnerability in Alcatel OmniPCX Office.
A vulnerability has been reported in Alcatel OmniPCX Office that may allow an attacker to execute shell commands on a vulnerable system. This is possible because the user input filters fail to properly sanitize the "id2" parameter value that is passed to "/FastJSData.cgi". An attacker may include shell commands by supplying an injection string through the URL and a good string through POST or the COOKIE.

Affected Products

Alcatel OmniPCX Office since release 210/061.1


System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Upgrade to the latest version, available from the following web site:

CVE References