Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.8
CVE Id CVE-2008-6573
Last Modified 02 Apr 2009 12:00:00
Published 01 Apr 2009 06:30:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-6573

Summary

Multiple SQL injection vulnerabilities in Avaya SIP Enablement Services (SES) in Avaya Communication Manager 3.x, 4.0, and 5.0 (1) allow remote attackers to execute arbitrary SQL commands via unspecified vectors related to profiles in the SIP Personal Information Manager (SPIM) in the web interface; and allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to (2) permissions for SPIM profiles in the web interface and (3) a crafted SIP request to the SIP server.

Vulnerable Systems

Application

  • Avaya Communication Manager 3.1

  • Avaya Communication Manager 3.1.1

  • Avaya Communication Manager 3.1.2

  • Avaya Communication Manager 3.1.3

  • Avaya Communication Manager 3.1.4

  • Avaya Communication Manager 3.1.5

  • Avaya Communication Manager 4.0

  • Avaya Communication Manager 5.0


References

XF - avaya-ses-sip-sql-injection(41733)

XF - avaya-ses-spim-sql-injection(41730)

MISC - http://www.voipshield.com/research-details.php?id=26

MISC - http://www.voipshield.com/research-details.php?id=25

MISC - http://www.voipshield.com/research-details.php?id=22

BID - 28682

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2008-151.htm

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2008-150.htm

SECUNIA - 29744

OSVDB - 44286

OSVDB - 44285

OSVDB - 44284


Last Updated: 27 May 2016 10:49:14