Intrusion Prevention

Alcatel-Lucent.OmniPCX.Office.FastJSData.CGI.Command.Execution

Description

This indicates an attack attempt against a command-injection vulnerability in Alcatel OmniPCX Office.
A vulnerability has been reported in Alcatel OmniPCX Office that may allow an attacker to execute shell commands on a vulnerable system. This is possible because the user input filters fail to properly sanitize the "id2" parameter value that is passed to "/FastJSData.cgi". An attacker may include shell commands by supplying an injection string through the URL and a good string through POST or the COOKIE.

Affected Products

Alcatel OmniPCX Office since release 210/061.1

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Upgrade to the latest version, available from the following web site:
http://www1.alcatel-lucent.com/enterprise/en/products/ip_telephony/omnipcxenterprise/index.html

CVE References

CVE-2008-1331