Vulnerability: Alcatel-Lucent OmniPCX - Remote Command Execution

The OmniPCX web interface has a script “masterCGI” with a remote command execution vulnerability via the “user” parameter.

Impact

Any user with access to the web interface could execute arbitrary commands with the permissions of the webservers.

Severity

critical

Verified

Unknown