Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-5709

Overview

Vulnerability Score 9.0 9.0
CVE Id CVE-2008-5709
Last Modified 07 Mar 2011 10:15:02
Published 24 Dec 2008 01:29:15
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2008-5709

Summary

Multiple unspecified vulnerabilities in the web management interface in Avaya Communication Manager (CM) 3.1 before 3.1.4 SP2, 4.0 before 4.0.3 SP1, and 5.0 before 5.0 SP3 allow remote authenticated users to execute arbitrary code via unknown attack vectors in the (1) Set Static Routes and (2) Backup History components.

Vulnerable Systems

Application

  • Avaya Communication Manager 3.1.1

  • Avaya Communication Manager 3.1.2

  • Avaya Communication Manager 3.1.3

  • Avaya Communication Manager 3.1.4

  • Avaya Communication Manager 4.0

  • Avaya Communication Manager 4.0.1

  • Avaya Communication Manager 4.0.3

  • Avaya Communication Manager 5.0


References

XF - avaya-cm-setstatic-command-execution(45749)

XF - avaya-cm-backuphistory-cmd-execution(45747)

VUPEN - ADV-2008-2772

MISC - http://www.voipshield.com/research-details.php?id=122

MISC - http://www.voipshield.com/research-details.php?id=121

BID - 31645

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2008-391.htm

SECUNIA - 32204


Last Updated: 27 May 2016 10:48:54